Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.
The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html