Cybersecurity researchers have uncovered two hijacked npm
packages and a cluster of Go packages that are designed to deploy a
Python-based information stealer on compromised Windows, Linux, and
macOS hosts. "This attack avoids the most common npm execution
paths through lifecycle scripts, perhaps in an attempt to remain
'compatible' with npm v12's security hardenings," JFrog said in
a
Read more https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html

