
Malicious npm and PyPI Packages Target Payment Developers With Fake SDK Facades
A coordinated malware campaign has recently struck the open-source software supply chain, targeting developers working on popular secure payment applications. On July 7, 2026, automated security scanners detected a cluster of 17 malicious packages published nearly simultaneously across the npm and PyPI registries. These packages were designed to mimic legitimate software development kits (SDKs) for […]
The post Malicious npm and PyPI Packages Target Payment Developers With Fake SDK Facades appeared first on Cyber Security News.