bleepingcomputer.com › news › security New IronWorm malware hits 36 packages in npm supply-chain attack … The commit author appears as “claude,” and the timestamps point to several years ago, up to 13 years in some cases, even though they were pushed in the past few days. … Jun 4, 2026 · Bill Toulas