Security News Malicious npm package steals WhatsApp accounts and messages BleepingComputer Daniel Bender 22 Dec 2025 A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.
