Useful writeup on the NPM worm that's been spreading today. tl;dr 2FA should help reduce your risks if you're careful, it might steal your AWS/Azure/GCP secrets though. Windows users are fine. 🤪

https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/