5 threats in this category
PhantomRaven campaign flooded npm with 200+ malicious packages (86,000+ potential victims) using a new evasion tactic: remote dynamic dependencies. What's clever: packages advertise 'zero dependencies…
Category: Threat Intelligence / Supply Chain / Supply Chain
Socket discovered 10 malicious npm packages delivering infostealer malware across Windows, Linux, and macOS. What's sophisticated: 4 layers of obfuscation hide payloads, fake CAPTCHA appears legitimat…
Category: Threat Alerts / Supply Chain / Supply Chain
Koi Security discovered PhantomRaven campaign compromising 86,000+ npm downloads via Remote Dynamic Dependencies (RDD)—an obscure npm feature allowing HTTP URLs as package dependencies. What's clever:…
Category: Threat Alerts / Supply Chain / Supply Chain
Koi researchers detail PhantomRaven campaign exploiting npm's Remote Dynamic Dependencies feature that allows HTTP URLs as package dependencies. What's wild: this feature lets packages download code f…
Category: Threat Alerts / Supply Chain / Supply Chain
Researchers discovered ten malicious npm packages mimicking popular libraries such as TypeScript, React Router, and Discord.js. These packages deploy an infostealer payload built with PyInstaller, ste…
Category: Threat Intelligence / Malware / Supply Chain