
Malicious npm Package Brand-Squats TanStack to Exfiltrate Developer Secrets
A fake npm package has been caught silently stealing sensitive developer credentials by impersonating the widely trusted TanStack library. The package, published under the unscoped name “tanstack” on the npm registry, tricked developers into installing it instead of the legitimate “@tanstack/*” packages. Once installed, it ran hidden scripts that sent environment variable files straight to […]

The post Malicious npm Package Brand-Squats TanStack to Exfiltrate Developer Secrets appeared first on Cyber Security News.