CSOonline

Malicious packages in npm evade dependency detection through invisible URL links: Report

Threat actors are finding new ways to insert invisible code or links into open source code to evade detection of software supply chain attacks. The latest example was found by researchers at ...
Bleeping Computer

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity started in ...
Infosecurity-magazine.com

Open Source Community Thwarts Massive npm Supply Chain Attack

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...