Invisible npm malware pulls a disappearing act – then nicks your tokens

The Register
Oct 30, 2025, 10:19 am141 pts
PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

The FCC is letting SpaceX launch 7,500 more Starlink satellites

The Verge

The FCC is letting SpaceX launch 7,500 more Starlink satellites 130

GameStop reportedly shuts down more than 400 US stores

Engadget

GameStop reportedly shuts down more than 400 US stores 127

These smart home devices impressed me at CES 2026

The Verge

These smart home devices impressed me at CES 2026 126

Walmart Announces Drone Delivery, Integration with Google's AI Chatbot Gemini

Slashdot

Walmart Announces Drone Delivery, Integration with Google's AI Chatbot Gemini 126

Nature-Inspired Computers Are Shockingly Good At Math

Slashdot

Nature-Inspired Computers Are Shockingly Good At Math 124

Google's new commerce framework cranks up the heat on 'agentic shopping'

Engadget

Google's new commerce framework cranks up the heat on 'agentic shopping' 123

Elon Musk: X's New Algorithm Will Be Made Open Source in Seven Days

Slashdot

Elon Musk: X's New Algorithm Will Be Made Open Source in Seven Days 120

Cory Doctorow: Legalising Reverse Engineering Could End 'Enshittification'

Slashdot

Cory Doctorow: Legalising Reverse Engineering Could End 'Enshittification' 112

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

California's governor plans to set aside…

California's governor plans to set aside $200 million for state EV tax credits

Gentoo Linux Plans Migration from GitHub…

Gentoo Linux Plans Migration from GitHub Over 'Attempts to Force Copilot Usage…

Chicken versus traffic! My obsession…

Chicken versus traffic! My obsession with the world’s most addictive hopper

I tested the Insta360 Link 2…

I tested the Insta360 Link 2 pan-and-track webcam - and it's helped me deliver…

Wing's drone deliveries are coming to…

Wing's drone deliveries are coming to 150 more Walmarts

C# (and C) Grew in Popularity in 2025,…

C# (and C) Grew in Popularity in 2025, Says TIOBE

How to watch Industry season 4 online…

How to watch Industry season 4 online from anywhere — stream the financial…

I tested the Canon EOS R6 Mark III —…

I tested the Canon EOS R6 Mark III — it's a near-perfect hybrid camera, with…

Did You Get an Instagram Password Reset…

Did You Get an Instagram Password Reset Email Recently? This Might Be the Very…

Elon Musk says X's new algorithm will be…

Elon Musk says X's new algorithm will be made open source next week