PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
Infosecurity Magazine

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...

Invisible npm malware pulls a disappearing act – then nicks your tokens

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, ...
Visual Studio Magazine

NuGet.org Adds Sponsorship Links to Support Package Maintainers

New NuGet.org feature lets package authors add sponsor links so users can support maintainers directly through approved funding platforms.

After major attack: Package manager NPM cuts old security ties

First steps were taken a few days ago, and more are to follow. Users and developers in the NPM ecosystem must act in the coming weeks.

Claude can be tricked into sending your private company data to hackers - all it takes is some kind words

Wunderwuzzi showed he was able to trick Claude into reading private user data, save that data inside the sandbox, and upload ...
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Mem0 raises $24M from YC, Peak XV and Basis Set to build the memory layer for AI apps

Mem0 fixes that. Singh calls it a “memory passport,” where your AI memory travels with you across apps and agents, just like ...