The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.
SecurityWeek

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra ...
Cyber Daily

Discord updates breach disclosure, government IDs of tens of thousands compromised

At least 70,000 government IDs used for age assurance exposed in third-party support breach impacting Discord users around ...
The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Fortinet warns Stealit malware uses Node.js SEA and fake installers to deliver stealers, RATs, and persistence.
CCN on MSN

Chrome Exploit CVE-2025-10585 Could Drain Your Crypto: How to Stay Protected

Update Chromium-based browsers to the patched Chrome/Edge/Opera builds and relaunch them. A non-updated browser stays ...