Malware4 min read
Fake Paysafe and Skrill SDKs on npm and PyPI Steal CI/CD Secrets
17 malicious packages masquerading as payment processor SDKs exfiltrate API keys, AWS credentials, and GitHub tokens from developer environments. Packages flagged within 6 minutes of upload.
James RiveraJul 9, 2026