Hackers Push 22 Versions of npm RAT With Wallet Theft and Persistent Backdoor
ID: 6f2364a2-149a-559e-a566-7eedf832921c
STIX ID: report--6f2364a2-149a-559e-a566-7eedf832921c
Feed Name: cybersecurityNews.com
**Malicious npm supply-chain campaign deploying persistent infostealer:** A malicious npm package (forge-jsxy, successor to forge-jsx) was published and updated rapidly to deploy a cross-platform agent. The agent harvests cryptocurrency wallet keys, browser extensions, credentials, keystrokes, clipboard data, and screenshots. Its persistence survives npm uninstall, and it supports remote command-and-control and auto-upgrades. IoCs are documented for mitigation.
