NPM flooded with malicious packages downloaded more than 86,000 times

Ars Technica
By Dan GoodinOct 29, 2025, 5:04 pm77 pts
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, laid out Wednesday by security firm Koi, brings attention to an NPM practice that allows installed packages to…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

AI Fails at Most Remote Work, Researchers Find

Slashdot

AI Fails at Most Remote Work, Researchers Find 128

UK government exempting itself from flagship cyber law inspires little confidence

The Register

UK government exempting itself from flagship cyber law inspires little confidence 128

Indonesia blocks Grok over non-consensual, sexualized deepfakes

TechCrunch

Indonesia blocks Grok over non-consensual, sexualized deepfakes 127

OpenAI is reportedly asking contractors to upload real work from past jobs

TechCrunch

OpenAI is reportedly asking contractors to upload real work from past jobs 126

SpaceX gets FCC approval to launch 7,500 more Starlink satellites

TechCrunch

SpaceX gets FCC approval to launch 7,500 more Starlink satellites 124

The FCC is letting SpaceX launch 7,500 more Starlink satellites

The Verge

The FCC is letting SpaceX launch 7,500 more Starlink satellites 120

GameStop reportedly shuts down more than 400 US stores

Engadget

GameStop reportedly shuts down more than 400 US stores 117

Security News This Week: ICE Can Now Spy on Every Phone in Your Neighborhood

Wired

Security News This Week: ICE Can Now Spy on Every Phone in Your Neighborhood 110

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

C# (and C) Grew in Popularity in 2025,…

C# (and C) Grew in Popularity in 2025, Says TIOBE

How to watch Industry season 4 online…

How to watch Industry season 4 online from anywhere — stream the financial…

I tested the Canon EOS R6 Mark III —…

I tested the Canon EOS R6 Mark III — it's a near-perfect hybrid camera, with…

Did You Get an Instagram Password Reset…

Did You Get an Instagram Password Reset Email Recently? This Might Be the Very…

Elon Musk says X's new algorithm will be…

Elon Musk says X's new algorithm will be made open source next week

Forget what you’ve heard – leasing…

Forget what you’ve heard – leasing your car is almost ALWAYS the right move

AI-Powered Social Media App Hopes To…

AI-Powered Social Media App Hopes To Build More Purposeful Lives

SAG-AFTRA Is Keeping an Eye on the…

SAG-AFTRA Is Keeping an Eye on the Disney/OpenAI Deal

Elon Musk Says In One Week He Will Fully…

Elon Musk Says In One Week He Will Fully Reveal Why Your X Timeline Is… Like…

I tested the Leica Q3 Monochrom – it's…

I tested the Leica Q3 Monochrom – it's a top digital camera for…