Supply Chain Attack

Malicious packages overwhelm NPM with over 86,000 downloads

Theo Klein

Security firm Koi has uncovered a campaign called PhantomRaven that has flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature that allows unvetted dependencies to be pulled from untrusted sites. As of late October 2025, about 80 of the packages remained available.
