PhantomRaven Supply-Chain Attack Infects npm Ecosystem

Cyber Security News by CyberSum.net

Published on October 31, 2025 at 12:00 PM

7 sources

Koi Security has uncovered a massive supply-chain campaign dubbed PhantomRaven, which has silently infected the npm ecosystem with 126 malicious packages downloaded over 86,000 times. The campaign, active since August 2025, steals npm authentication tokens, GitHub credentials, and CI/CD secrets while concealing its malicious code in dependencies invisible to most security scanners. The attackers used Remote Dynamic Dependencies (RDD) and a novel infection vector called slopsquatting, which leverages AI-driven hallucinations to create plausible-sounding package names.

Also Read

Cyber Espionage Campaign SkyCloak Targets Military Personnel

Researchers at SEQRITE Labs have uncovered a stealthy cyber espionage campaign dubbed 'Operation SkyCloak,' targeting military personnel from multiple countries. The campaign uses a multi-stage PowerShell-based intrusion chain for persistent, covert remote access within military and defense networks. SkyCloak's unusual cross-border focus suggests an escalation in intelligence warfare, with the infection chain beginning with phishing ZIP archives disguised as military documents. The malware employs advanced evasion techniques, including anti-sandbox checks and Tor-based communication channels, to maintain stealthy operations.

By Cyber Security News by CyberSum.netNovember 3, 2025 at 09:00 AM