PhantomRaven attack floods npm with credential-stealing packages
From BleepingComputer to All on Wed Oct 29 12:49:26 2025
An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. [...]