A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]
The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: