Security researchers identified six malicious Composer packages on Packagist masquerading as OphimCMS themes. These packages contain trojanized JavaScript that executes client-side attacks, including URL exfiltration, ad injection, and redirects to gambling sites operated by the OFAC-sanctioned FUNNULL network.