Equinix to build £3.9bn Hertfordshire data centre
Equinix plans to invest £3.9 billion in the project, which will deliver 250+MW of compute
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
The finding, laid out Wednesday by security firm Koi, brings attention to an NPM practice that allows installed packages to automatically pull down and run unvetted packages from untrusted domains. Koi said a campaign it tracks as PhantomRaven has exploited NPM’s use of “Remote Dynamic Dependences” to flood NPM with 126 malicious packages that have been downloaded more than 86,000 times. Some 80 of those packages remained available as of Wednesday morning, Koi said.
“PhantomRaven demonstrates how sophisticated attackers are getting [better] at exploiting blind spots in traditional security tooling,” Koi’s Oren Yomtov wrote. “Remote Dynamic Dependencies aren’t visible to static analysis.”
Source Link: https://educronix.com/npm-flooded-with-malicious-packages-downloaded-more-than-86000-times/ Author: Dan Goodin - Published on: 2025-10-29 20:04:45This post was originally published on this siteEquinix plans to invest £3.9 billion in the project, which will deliver 250+MW of compute
Key takeaways What Is Imagine Lens—and Why It Matters Snapchat’s Imagine Lens lets us create…
Packages downloaded from NPM can fetch dependancies from untrusted sites.
Exclusive Edge, Atlas, Brave among those affected
A critical, currently unpatched bug
The announcement brings Amazon’s total pledged investment in South Korea to $9 billion over the
