Researchers discovered 60 malicious packages on NPM designed to collect sensitive host and network information, sending it to a Discord webhook. These packages, which were uploaded under misleading names, posed a significant risk for targeted network attacks, and although reported, some remained available for download at the time of writing. Additionally, another campaign involved eight typosquatting packages capable of deleting files and corrupting data, which had been present on NPM for two years.