The Hacker News

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
CSO Online

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...

Watch This Designer Turn a Boring Coat Closet Into a Mudroom Masterpiece

With a keen eye toward possibilities and a creative mindset, Kiersten Brien transformed an entryway and included bonus hidden ...
Developer Tech

React Native Godot library merges 3D graphics with business apps

A new library, React Native Godot, enables developers to embed the open-source Godot Engine for 3D graphics within a React ...
Developer Tech

Malware campaign on npm steals AWS, GCP, and Azure cloud keys

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.