On March 16, 2026, researchers discovered a coordinated supply chain attack targeting two popular React Native npm packages. The compromised releases inject an install-time loader that silently downloads and executes a multi-stage Windows credential and cryptocurrency stealer. Developers trigger the infection simply by running a routine npm installation. The Supply Chain Attack The threat actor […] The post Credential-Stealing npm Malware Found In Popular React Native Packages appeared first on Cyber Security News.