Attackers published 148 malicious npm packages disguised as student proxy tools that, when installed, turned users' browsers into a distributed denial-of-service botnet without their knowledge. Organizations should audit their npm dependencies immediately
Read the full article: https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html