Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system.