Cybersecurity researchers at Socket have uncovered a new supply chain attack orchestrated by Lazarus Group, the notorious North Korean state-sponsored APT. The attack involves a malicious npm package named postcss-optimizer, which is designed to infiltrate developer environments and steal sensitive data.

‍