Bleeping Computer

Compromised JavaScript Package Caught Stealing npm Credentials

A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
TechRadar

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

At least 10 packages were uploaded in early July 2025 When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Ten typosquatted npm packages delivered ...
Bleeping Computer

LofyGang hackers built a credential-stealing enterprise on Discord, NPM

The 'LofyGang' threat actors have created a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms, such as NPM and GitHub. Researchers ...