Malicious npm package steals WhatsApp accounts and messages
From BleepingComputer to All on Mon Dec 22 11:47:41 2025
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. [...]