New PhantomRaven npm wave uses 88 malicious packages to steal developer secrets

A new wave of the PhantomRaven supply-chain campaign has hit the npm ecosystem, with Endor Labs identifying 88 malicious packages spread across three attack waves between November 2025 and February 2026. The researchers say the packages steal sensitive data from developers, including emails, system details, and CI/CD tokens, and that 81 of the 88 packages […] The post New PhantomRaven npm wave uses 88 malicious packages to steal developer secrets appeared first on VPN Central.