#phantomraven

[ follow ]
#software-supply-chain #npm #credential-theft #remote-dynamic-dependency
Information security
fromThe Hacker News
1 day ago

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

A PhantomRaven supply-chain campaign on npm uses attacker-hosted remote dynamic dependencies to steal developer authentication tokens, CI/CD secrets, and GitHub credentials.
[ Load more ]