Tech Feb 24, 2026 updated 6 min npm supply-chain worm 'SANDWORM_MODE' targets AI development environments, stealing crypto keys and CI secrets Socket reports an active campaign using 19 malicious npm packages. It targets AI development environments such as Claude, Cursor, and VS Code, stealing SSH keys, npm tokens, and API keys, and then propagates via a worm. npm Security Supply Chain Malware AI Development
