1
0
1
0
1
0
1
0
0
1
1
0
1
0
VulnHub

AI-Powered Cybersecurity Intelligence

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Source: The Hacker News | Added:

Researchers have identified a software supply chain attack campaign named PhantomRaven, which has targeted the npm registry with over 100 malicious packages. These packages are designed to steal authentication tokens, CI/CD secrets, and GitHub credentials from developers.

Impact: npm registry, GitHub

In the Wild: Yes

Age: Newly disclosed

Remediation: Developers should audit their npm packages and remove any suspicious or unverified packages.

Read Full Original Article →