In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem”, not by infecting developers during package installation, but by abusing the unpkg.com CDN as a disposable hosting platform for malicious JavaScript. By seeding over 175 throwaway npm packages, attackers have turned a trusted open source delivery network into a large-scale phishing […] The post Malicious NPM Packages Used in Sophisticated Developer Cyberattack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/npm-packages-2/
