The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
NAIC has confirmed it was targeted in the recent hacking campaign that exploited an Oracle PeopleSoft zero-day vulnerability.