technology #BizIT #Security #CredentialTheft #Cryptomining #GitHub #Npm #SupplyChainAttacks Yearlong supply-chain attack targeting security pros steals 390K credentials Ars Technica Dec 13