Information security
fromThe Hacker News
1 week agoMalicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
A malicious npm package used prompt-injection text to try to influence AI security scanners while exfiltrating environment variables via a post-install hook.