NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...