PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Visual Studio Magazine

NuGet.org Adds Sponsorship Links to Support Package Maintainers

New NuGet.org feature lets package authors add sponsor links so users can support maintainers directly through approved funding platforms.
InfoWorld

GitHub launches Agent HQ to bring order to AI-powered coding

The platform unites AI coding agents in one environment to streamline enterprise workflows and enhance governance, security, ...
Infosecurity Magazine

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads ...

Invisible npm malware pulls a disappearing act – then nicks your tokens

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, ...

GitHub Opens Up to Multiple Third Party Agents

On the opening day of GitHub Universe 2025, GitHub announced Agent HQ, its vision for the future of the platform.

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...

10 Key Takeaways From GitHub Octoverse 2025 Report

The timing of the Octoverse 2025 report release during the conference proved strategic, as it provided attendees with ...

GitHub's Agent HQ aims to solve enterprises' biggest AI coding problem: Too many agents, no central control

GitHub is making a bold bet that enterprises don't need another proprietary coding agent. They need a way to manage all of them.