On the one hand, it's a testament to the succes of Node.js and the wildly popular npm ecosystem. On the other hand, there is work needed to make things more secure. Perhaps by adding security boundaries (like Deno, but better) or having a more well rounded standard library.

"These tactics were found in malvertising campaigns targeting users with cryptocurrency-themed lures, as well as in phishing-based social engineering schemes." That quote makes it sound less dramatic though, as the crypto field is littered with scam artists and "phishing-based social engineering" transcends Node.js.