PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Updated on October 30, 2025

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines.
The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first…

Read the rest of the story at Read More

Source: The Hacker News

December 11, 2023 Uncategorized

SpyLoan Scandal: 18 Malicious Loan Apps ...

November 12, 2024 Uncategorized

New Ymir Ransomware Exploits Memory for ...

March 5, 2025 Uncategorized

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Related posts

SpyLoan Scandal: 18 Malicious Loan Apps ...

New Ymir Ransomware Exploits Memory for ...

Seven Malicious Go Packages Found Deploy...

Leave a Comment Cancel reply

Recent News

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide