JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
GPT-5.6 was already running in Codex for some users before OpenAI’s government-approved preview opened to partners. A ...