Click here - to use the wp menu builder

PhantomRaven: npm Malware Evolves Again

October 31, 2025

Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025

This week, an open source malware campaign dubbed ‘PhantomRaven’ has run rampant, flooding the npm registry with over a hundred malicious packages that saw more than 86,000 potential victims before discovery.

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Sonatype Security Research Team. Read the original post at: https://www.sonatype.com/blog/phantomraven-npm-malware

BladeOne

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Bipartisan healthcare cyber legislation advances in Senate

Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel

Alleged India-linked espionage campaign targeted Pakistan, Bangladesh, Sri Lanka

Vibe coding service Lovable accused of hosting malware-ridden apps exposing thousands of users — it says they should take more care

Dohdoor Malware Targets U.S. Schools and Healthcare In Multi-Stage Campaign

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

With Iran strikes, geopolitical chaos again haunts commercial aviation

Palm Oil Extends Gains into March on Geopolitical Tailwinds

Australian Shares Retreat on Geopolitical Tensions

Focus On New Geopolitical Environment, Asset Allocation

Global markets after Iran strikes: oil surges, airlines sink, bonds defy safe-haven playbook

European stocks set to slump as markets react to U.S., Israeli strikes on Iran

Global markets show resilience amid Middle East tensions: Matt Orton

War shock: Global markets plummet as U.S.-Iran conflict escalates

How AI technology is both powering and polarizing the modern job search

China’s Policy Summit Puts Tech, Stimulus in Focus for Investors

Cal Poly Partners expands Technology Park with new collaborative facility

Small Business Technology News: A ChatGPT Smart Speaker

Iran’s Goal Is to Make US and Israel Pay for Killing Khamenei

Supreme Court Rebuffs Challenge to Ban on Gun Ownership by Nonviolent Felons

3 US Jets Shot Down in ‘Friendly Fire’ in Kuwait, Pentagon Says

British exporters pivot away from America as global conflicts and trade tariffs bite

PhantomRaven: npm Malware Evolves Again

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Iran’s Goal Is to Make US and Israel Pay for Killing Khamenei

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Bipartisan healthcare cyber legislation advances in Senate