Tag: Slopsquatting
-
PhantomRaven Attack: New Malware Steals CI/CD Secrets via AI Slopsquatting on npm
The ongoing PhantomRaven campaign has targeted developers via the npm registry, disseminating dozens of malicious packages across the ecosystem in a short span. Embedded within these packages, malicious code harvests authentication tokens, CI/CD secrets, and GitHub credentials—enabling stealthy injection of changes into third-party projects and facilitating supply-chain attacks. Koi Security reports the operation began in…
-
AI Coding Assistants Under Attack: “Slopsquatting” Malware Exploits AI Hallucinations for Supply Chain Compromise
A new threat has emerged in the realm of AI-assisted programming, known as “slopsquatting.” This attack has become particularly dangerous amid the surging popularity of AI coding assistants like Claude Code CLI, OpenAI Codex CLI, and Cursor AI—tools widely adopted by developers for automatic code generation and dependency suggestion. Unlike the more familiar typosquatting attacks,…