New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. [...]
New PhantomRaven NPM attack wave steals dev data via 88 packages
Résumé + lien vers la source. Sans paywall, sans tracking.