New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector
01/04/2026-10:55 01/04/2026-11:00 מחשבים וטכנולוגיה Cyber Security News דיווח
A malicious npm package named undicy-http has surfaced inside the Node.js developer ecosystem, quietly compromising machines of developers who mistakenly install it. The package impersonates undici, the official HTTP client library bundled with Node.
