John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
There’s a category of attack that security teams sometimes underweight because it doesn’t look like a breach. No firewall gets bypassed. No external system gets popped. The attacker just waits for a developer to run npm install, and the exfiltration starts.
This week gave us two reminders that this vector is being actively and systematically worked.
88 Packages. One Campaign. Your AWS Keys.
PhantomRaven is back. It’s a repeat attacker, an organized campaign that places malicious packages in the npm registry designed to look like legitimate dependencies. The latest wave is 88 packages, all doing the same thing: silently stealing environment variables, credentials, and cloud access keys from any machine that installs them.
The targets aren’t random. AWS credentials. CI/CD pipeline secrets. GitHub tokens. Internal API keys. These are the keys that let attackers move laterally from a developer’s laptop straight into production infrastructure.
And they move fast. A related attack chain through UNC6426 showed attackers going from initial npm install to AWS administrator access within 72 hours. That’s not a slow burn. That’s a sprint.
The PhantomRaven packages have likely been pulled from the registry by now, but the attack infrastructure persists. This is a campaign, not a one-off.
simple-git: CVSS 9.8 (With a Caveat)
The second story needs a confidence disclaimer upfront. CVE-2026-28292 in simple-git is currently reported by a researcher blog and a Reddit netsec thread. It hasn’t been confirmed by NVD, BleepingComputer, or CISA KEV yet.
But the underlying claim is technically coherent and worth watching. simple-git is used by countless JavaScript and Node.js applications to interface with Git repos. It’s in CI/CD systems, build tools, all over the place. The flaw is a case-sensitivity bypass that enables arbitrary command execution. The library validates inputs with case-sensitive logic, but the underlying OS handles things case-insensitively. That gap allows argument injection.
If the critical severity rating holds up, any application passing user-controlled inputs to simple-git’s Git operations is potentially exposed to remote code execution.
Watch for major outlet confirmation. If BleepingComputer or THN pick this up, it becomes a top-tier patching priority.
Two Roads, Same Destination
PhantomRaven (malicious packages pretending to be legit) and a critical RCE in a real, widely-used package represent opposite ends of the same attack category. In one case, attackers create a fake package and wait. In the other, a real package has a vulnerability that can be exploited. Both routes end at the same place: attacker code executing in your build environment, with access to whatever secrets that environment holds.
The npm ecosystem’s fundamental model (install thousands of community packages, inherit their risks) creates systemic exposure that’s genuinely hard to fully audit. And the UNC6426 timeline drives it home: 72 hours from npm install to AWS admin access. That’s how fast the pipeline from developer workstation to cloud environment can be traversed.
What to do right now:
- Run
npm auditand review for PhantomRaven-associated packages - Check your simple-git version and monitor for the CVE-2026-28292 patch
- Review CI/CD pipeline permissions. Does your CI really need AWS admin credentials, or can it run with scoped IAM roles?
- Consider dependency locking and verified package hashes in production builds
- Treat CI/CD environment secrets as potentially compromised until confirmed clean
The threat surface runs from code to cloud. And it’s getting worked hard.