New #PhantomRaven #NPM attack wave steals dev data via 88 packages
Malicious npm Package Exfiltrates Secrets via Discord Webhook
A malicious npm package named pino-sdk-v2 was discovered posing as the pino logging library.
Pulse ID: 69b5d61883ee4f64624dabd1
Pulse Link: https://otx.alienvault.com/pulse/69b5d61883ee4f64624dabd1
Pulse Author: cryptocti
Created: 2026-03-14 21:41:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Discord #InfoSec #NPM #OTX #OpenThreatExchange #RAT #bot #cryptocti
How to Steal npm Publish Tokens by Opening GitHub Issues, by @neciudan.dev:
Aikido Security detected 151 malicious packages on GitHub that use invisible Unicode code to evade reviews. The Glassworm campaign impersonates libraries and may be using LLMs. https://aidoo.news/noticia/WNOm8x
How to Publish to npm From GitHub Actions, by @bahmutov:
Mobile responsive layout tamed with #NPM!
A little cleanup on my #LittleLink instance: thanks to #CSS injection via #Nginx #Proxy Manager, I've realigned the mobile display down to the pixel.
✅ Avatar & buttons aligned in portrait as well as landscape.
✅ Bio centered and margins stabilized.
It's clean, it's tidy, that's the SysAdmin spirit!
See it here: https://link.blablalinux.be
Social Software Distribution. #activityPub #ATproto #NPM
`cargo doc` is such a great tool when it comes to LLMs. It generates docs that are relevant to *your* program, including dependencies and generated code.
I wish NodeJS/NPM had something like this, I hate when LLMs start to grep blindly everywhere to get more info.
🙄 New PhantomRaven NPM attack wave steals dev data via 88 packages
「 PhantomRaven uses a detection evasion technique called Remote Dynamic Dependencies (RDD), where the metadata file 'package.json' specifies a dependency at an external URL. This way, the threat actor does not need to embed malicious code in the package, bypassing automated inspection 」
Pere (@pmontp19)
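The post above describes the Remote Dynamic Dependencies pattern: a `package.json` whose dependency specifier is an external URL, so the malicious code is fetched at install time and never sits in the published tarball. The following is an added example (not code from the post, the linked article, or any project it names) of a manifest check a defender can run before `npm install`: it walks the dependency fields and flags any specifier that npm would resolve outside the registry (HTTP/git URLs, `git@` and `ssh:` remotes, and hosted-git shorthands). The sample manifest and its URL are constructed for illustration.

```javascript
// Added example: flag package.json dependency specifiers that resolve to an
// external URL instead of the npm registry. Not from the original post.

const DEP_FIELDS = [
  "dependencies",
  "devDependencies",
  "optionalDependencies",
  "peerDependencies",
];

// Specifier forms npm fetches from outside the registry: tarball URLs,
// git URLs (including git+https / git+ssh), ssh/git@ remotes and the
// github:/gitlab:/bitbucket:/gist: hosted-git prefixes.
const REMOTE_SPEC =
  /^(?:https?:\/\/|git(?:\+\w+)?:\/\/|git@|ssh:\/\/|(?:github|gitlab|bitbucket|gist):)/i;

// Bare "owner/repo" or "owner/repo#ref" is also treated as a GitHub shorthand.
const SHORTHAND_SPEC = /^[\w.-]+\/[\w.-]+(?:#.*)?$/;

// Parse a package.json string and return every dependency whose specifier
// points off-registry. Each finding records the field, the package name and
// the raw specifier so a reviewer can see exactly what would be fetched.
function findRemoteDependencies(manifestText) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = manifest[field];
    if (!deps || typeof deps !== "object") continue;
    for (const [name, spec] of Object.entries(deps)) {
      if (typeof spec !== "string") continue;
      if (REMOTE_SPEC.test(spec) || SHORTHAND_SPEC.test(spec)) {
        findings.push({ field, name, spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest: two registry deps, one tarball URL, one
// hosted-git shorthand, and a local file: reference that should NOT be flagged.
const SAMPLE_MANIFEST = JSON.stringify({
  name: "example-app",
  dependencies: {
    express: "^4.19.2",
    "left-pad": "1.3.0",
    helper: "https://packages.example.invalid/helper-1.0.0.tgz", // constructed URL
    tooling: "github:example-org/tooling#main", // constructed shorthand
  },
  devDependencies: {
    jest: "^29.0.0",
    local: "file:../local-lib",
  },
});

// Stand-alone run: print the findings for the sample manifest.
if (typeof require !== "undefined" && require.main === module) {
  const found = findRemoteDependencies(SAMPLE_MANIFEST);
  for (const f of found) {
    console.log(`[remote dependency] ${f.field}.${f.name} -> ${f.spec}`);
  }
  if (found.length === 0) console.log("no off-registry dependencies found");
}

module.exports = { findRemoteDependencies, SAMPLE_MANIFEST };
```

Run it against a real project's `package.json` by reading the file into `findRemoteDependencies`. A URL dependency is not malicious in itself, but it is content that a registry scanner never sees, so each finding deserves a manual look at what the URL actually serves; a lockfile pinned to an integrity hash limits the damage from a URL whose content changes later, which is the property the evasion technique relies on.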
quiver-ai-provider package release complete: a community ai SDK provider that supports QuiverAI; an unusual case where the output is generated as vector images but text streaming is also possible. It is a developer-facing release and includes the install command (npm install quiverai-ai-provider ai) and a request for usage testing.
GhostClaw Malware Impersonates OpenClaw CLI on NPM
Pulse ID: 69b025bddbc12f855b7f195b
Pulse Link: https://otx.alienvault.com/pulse/69b025bddbc12f855b7f195b
Pulse Author: cryptocti
Created: 2026-03-10 14:07:57
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #NPM #OTX #OpenThreatExchange #bot #cryptocti
Tool: Dependencies Badge Generator, by (not on Mastodon or Bluesky):
People using #n8n selfhosted, be aware of this vulnerability reported by #wasuh
GhostLoader (March 9, 2026): Malicious npm package used data broker records for targeted spear-phishing of npm maintainers. Attackers bought emails for $0.79 each, then sent personalized phishing with stolen personal details.
This is the new playbook. Data recon is now part of supply chain attacks.
#NPM: A malicious npm package '@openclaw-ai/openclawai' is spreading a full RAT #malware disguised as an #OpenClaw installer. It steals browser data, macOS Keychain entries, crypto wallets, MacOS and cloud credentials:
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html