🚨 Alert => [New supply chain attack declared]: vite-config-react
vite-config-react is an npm package posing as a Vite React config helper, riding on the popularity of the Vite build tool to lure front-end developers into installing it.
Malware was found in it (GHSA-9j99-p89c-pjwq). Any system with it installed or running is fully compromised, with attackers gaining full control.
→ Isolate from network, rotate all secrets and signing keys from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incide… #supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #viteconfigreact #malware #DevSecOps #AppSec #ThreatIntel #OpenSource