Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

PhantomRaven

PhantomRaven campaign places malicious code in 126 npm packages

Cybercrime, News, Research, Risk, Vulnerabilities

October 30, 2025

Researchers say a campaign codenamed PhantomRaven has placed malicious code into 126 npm packages since August 2025, using external dynamic dependencies to steal authentication tokens, CI/CD secrets and GitHub credentials; Koi Security and DCODX published analyses.

About
Editorial Policy
Privacy
Contact