The Register reported last week that development teams have fallen for sophisticated phishing emails offering early access to high-value cryptocurrency, resulting in the compromise of their legitimate Git repositories and subsequent upload of malicious npm packages.¹ This isn't just a minor annoyance; it's a potent example of how standard DevOps/SRE toolchains can become vectors for attacks targeting your entire infrastructure stack.