MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
npm
Search

Invisible npm malware pulls a disappearing act – then nicks your tokens

Thursday October 30, 2025. 03:19 PM , from TheRegister
PhantomRaven slipped over a hundred credential-stealing packages into npm
A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…
Read more at TheRegister
https://go.theregister.com/feed/www.theregister.com/2025/10/30/phantomraven_npm_malware/

Related News

npm YouTube's AI Moderator Pulls Windows 11 Workaround Videos, Calls Them Dangerous SlashdotOct 31
packages YouTube's AI moderator pulls Windows 11 workaround videos, calls them dangerous TheRegisterOct 31
tokens Android malware types like your gran to steal banking creds TheRegisterOct 28
pulls IObit releases Malware Fighter 13 with pre-boot scanning and behavior-based detection BetaNewsOct 27
malware Hackers Used Thousands of YouTube Videos To Spread Malware SlashdotOct 24
invisible Browser Promising Privacy Protection Contains Malware-Like Features, Routes Traffic Through China SlashdotOct 24
nicks AI-powered malware surges as cybercriminals exploit automation and geopolitical tensions BetaNewsOct 24
phantomraven Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software TheRegisterOct 23
act SpaceX pulls plug on 2,500 Starlink terminals tied to Myanmar fraud farms TheRegisterOct 23
disappearing Fake Homebrew Google Ads Push Malware Onto macOS SlashdotOct 22
then Cybercriminals turn to stealth to bypass malware detection BetaNewsOct 21
npm How malware vaccines could stop ransomware's rampage TheRegisterOct 21
packages The FTC Is Disappearing Blog Posts About AI Published During Lina Khan’s Tenure Wired: Tech.Oct 20
tokens Open source malware up 140 percent BetaNewsOct 15
pulls The incredible disappearing black eye of Katie Daviscourt BoingBoingOct 9
malware Fortnite pulls Peacemaker-themed cosmetic for Nazi association BoingBoingOct 3
invisible Chainguard offers malware-resistant JavaScript libraries InfoWorldOct 2
nicks Imgur Pulls Out of UK as Data Watchdog Threatens Fine SlashdotSep 30
phantomraven Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects TheRegisterSep 26
act ICE officer pulls gun on bystanders in Maryland as man pleads "I am American" (video) BoingBoingSep 26
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Oct, Fri 31 - 23:20 CET