TrapDoor: Malicious npm, PyPI, Crates.io Packages Target Developer Secrets & AI Tooling Researchers identified a coordinated supply chain malware campaign named TrapDoor, involving waves of malicious packages across npm, PyPI, and Crates.io. Public reports tie the activity to credential theft and environment compromise, with an emphasis on developer secrets, crypto assets, and persistence on workstations […]