27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Updated on December 29, 2025

Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft.
The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical…

Read the rest of the story at Read More

Source: The Hacker News

October 18, 2025 Uncategorized

New .NET CAPI Backdoor Targets Russian A...

October 27, 2025 Uncategorized

New ChatGPT Atlas Browser Exploit Lets A...

December 15, 2023 Uncategorized

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Related posts

New .NET CAPI Backdoor Targets Russian A...

New ChatGPT Atlas Browser Exploit Lets A...

New NKAbuse Malware Exploits NKN Blockch...

Leave a Comment Cancel reply

Recent News

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes