Hackaday

PhantomRaven Attack Exploits NPM’s Unchecked HTTP URL Dependency Feature

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here ...

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.

NPM 仓库遭恶意软件包攻击,下载量超 8.6 万次:利用远程动态依赖 ...

攻击者正在利用一个重大漏洞,该漏洞使他们能够访问 NPM 代码仓库,自 8 月份以来,已上传超过 100 个凭据窃取软件包,并且大部分未被检测到。 安全公司 Koi 周三发布的调查结果,揭示了 NPM 的一项实践,该实践允许已安装的软件包自动从不受信任的域拉取并运行未经审查的软件包。Koi 表示,其追踪的一个名为 PhantomRaven 的活动利用 NPM 的“远程动态依赖(Remote ...

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...
腾讯网

藏师傅想解决 Claude Code 最恶心的问题

我不知道你们有没有遇到过这个问题。因为 Anthropic 的恶心操作,我们使用 Claude Code 必须使用代理 API,同时国内模型比如智谱、Kimi 的新模型对于 Claude Code 的支持。我们需要维护的 Cluade Code ...