Supply Chain Attack

Malicious packages overwhelm NPM with over 86,000 downloads

Theo Klein

Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.
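npm accepts dependency specs that point at a tarball URL or a git repository instead of a registry version range. The following audit is an added example, not code from Koi or from the original article. It assumes that this is the kind of off-registry dependency the report refers to, and it flags such specs in a parsed `package.json`. The manifest, package names and `example.invalid` hosts are constructed sample data.

```javascript
// Dependency sections npm reads from package.json.
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Classify one dependency spec string by where npm would fetch it from.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^https?:\/\//i.test(s)) return 'remote-url';            // tarball URL outside the registry
  if (/^(git(\+[a-z]+)?:\/\/|git@|github:|gitlab:|bitbucket:)/i.test(s)) return 'git';
  if (/^(file:|link:|~\/|\.{0,2}\/)/.test(s)) return 'local';  // path on the local disk
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return 'git';        // "user/repo" GitHub shorthand
  return 'registry';                                           // semver range, tag or npm: alias
}

// Return every dependency that is fetched over the network from outside the registry.
function auditManifest(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const kind = classifySpec(spec);
      if (kind === 'remote-url' || kind === 'git') findings.push({ section, name, kind, spec });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const sampleManifest = {
  name: 'constructed-sample',
  dependencies: {
    'left-lib': '^1.4.0',
    'ui-helpers': 'http://packages.example.invalid/ui-helpers.tgz',
    'local-tool': 'file:../local-tool',
  },
  devDependencies: {
    'lint-rules': 'git+https://git.example.invalid/team/lint-rules.git#v2',
  },
};

// Audit the file named on the command line if given, otherwise the sample.
let manifest = sampleManifest;
if (typeof require === 'function' && process.argv[2]) {
  manifest = JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'));
}
console.log(auditManifest(manifest));
```

Run it against the `package.json` of each installed package as well as the project's own, since an off-registry spec can sit in a transitive dependency.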
