"Our partners have allowed us to trial these things that may sound a little crazy." ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.