Dark Web Informer is reporting a threat actor is selling a critical, unverified npmjs vulnerability that would allegedly allow for account takeover. BreachForums member Alderson1337 claims to have found a vulnerability that would enable the following:Targeting npm accounts of specific organization employees to inject undetectable backdoors into the packages they use. Once these packages are updated, all organization devices could be compromised.Targeting npm accounts of developers whose packages...