The PhantomRaven malware campaign targeting the npm supply chain has resurfaced with new waves of attacks, exploiting vulnerabilities in how dependencies are managed in npm packages. Identified by Endor Labs, the new waves Wave 2, 3, and 4 were distributed between November 2025 and February 2026. While some malicious packages have been removed, many remain […] The post npm Supply Chain Under Attack Again By PhantomRaven Malware Targeting Developer Secrets appeared first on Cyber Security News.