Note: This report is updated by a verification record

flow/surf-lending DeFi cred-exfil campaign sibling (c1655). preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion (verified identical). No-renotify.