A remote access trojan known as PylangGhost has appeared on the npm registry for the first time, concealed inside two malicious JavaScript packages. The malware, first publicly disclosed by Cisco Talos in June 2025 and attributed to the North Korean state-sponsored threat group FAMOUS CHOLLIMA, marks a significant escalation in software supply chain attacks targeting […] The post Malicious npm Packages Deliver PylangGhost RAT in New Software Supply Chain Campaign appeared first on Cyber Security News.