Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...
The Hacker News

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

The vulnerability, tracked as CVE-2025-11953, carries a CVSS score of 9.8 out of a maximum of 10.0, indicating critical severity. It also affects the "@react-native-community/cli-server-api" package ...