Bleeping Computer

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in ...
ZDNet

Malicious npm packages target Azure developers to steal personal data

According to researchers Andrey Polkovnychenko and Shachar Menashe, the repositories were first detected on March 21 and steadily grew from roughly 50 malicious npm packages to over 200 in a matter of ...
Infosecurity-magazine.com

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

An ongoing npm credential harvesting campaign operating since August 2025 has been discovered by researchers at Koi Security. The malware, dubbed PhantomRaven by the researchers, is actively stealing ...
ZDNet

Malicious npm packages caught installing remote access trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
Threat Post

Thousands of Malicious npm Packages Threaten Web Apps

Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. More than ...
Bleeping Computer

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The attacker(s) used stolen ...