Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025
This week, an open source malware campaign dubbed ‘PhantomRaven’ has run rampant, flooding the npm registry with over a hundred malicious packages that reached more than 86,000 potential victims before discovery.
*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Sonatype Security Research Team. Read the original post at: https://www.sonatype.com/blog/phantomraven-npm-malware


