Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
The Hacker News

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...

Next.js 16正式版发布:性能架构双升级,引领前端新潮流

全球前端开发领域迎来重要时刻——Next.js 16正式版本已正式发布。这个在npm下载量长期位居React生态第二位的框架,正从单纯的"React服务端渲染解决方案"蜕变为现代前端开发的核心基础设施,成为众多企业级项目的首选技术栈。 自2016年诞生以来,Next.js始终保持着技术创新的领先地位。从开创性的服务端渲染(SSR)模式,到革命性的App ...

Infostealer for Windows, macOS and Linux found in ten packages on npm

The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here ...

Almost a dozen malicious npm packages, delivering dangerous infostealing malware, were downloaded roughly 10,000 times before ...
Developer Tech

Malware campaign on npm steals AWS, GCP, and Azure cloud keys

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.