Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first
![]()
source https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html
source https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html