Cybersecurity researchers have disclosed details of what has
been described as a "sustained and targeted" spear-phishing
campaign that has published over two dozen packages to the npm
registry to facilitate credential theft. The activity, which
involved uploading 27 npm packages from six different npm aliases,
has primarily targeted sales and commercial personnel at
critical
Read more https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html
