A new software supply chain campaign has used malicious npm packages to deliver the PylangGhost remote access trojan, showing that attackers are still abusing open-source registries to target developers and downstream systems. The activity was spotted by a scanner built to track suspected DPRK-linked npm abuse. Two packages were identified with an obfuscated PylangGhost loader: […] The post PylangGhost RAT Spread Through Malicious npm Packages In New Campaign appeared first on Cyber Security News.