NPM flooded with malicious packages downloaded more than 86,000 times

Ars Technica
By Dan GoodinOct 29, 2025, 5:04 pm57 pts
Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, laid out Wednesday by security firm Koi, brings attention to an NPM practice that allows installed packages to…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

PixArt becomes first to receive space tech license from Taiwan Space Agency; two more firms to join in 1Q26

Digitimes

PixArt becomes first to receive space tech license from Taiwan Space Agency; two more firms to join in 1Q26 128

Nvidia boss Jensen Huang steers Trump, Congress against AI chip limits and state-level AI rules

TechRadar

Nvidia boss Jensen Huang steers Trump, Congress against AI chip limits and state-level AI rules 126

Taiwan pushes toward robotics-driven healthcare as Foxconn expands AI applications

Digitimes

Taiwan pushes toward robotics-driven healthcare as Foxconn expands AI applications 120

Hanwha Systems develops aerospace-grade transceiver chips for South Korea's military LEO independence

Digitimes

Hanwha Systems develops aerospace-grade transceiver chips for South Korea's military LEO independence 119

Shingles Vaccine Doesn’t Just Lower Dementia Risk, It Could Also Help Treat It

Gizmodo

Shingles Vaccine Doesn’t Just Lower Dementia Risk, It Could Also Help Treat It 112

Moore Threads soars fivefold on STAR Market debut as US$1.07bn fuels AI chip drive

Digitimes

Moore Threads soars fivefold on STAR Market debut as US$1.07bn fuels AI chip drive 103

Samsung previews Exynos 2600, claims to match Apple and Qualcomm chips

Digitimes

Samsung previews Exynos 2600, claims to match Apple and Qualcomm chips 102

Bending Spoons continues its spree of buying famous tech brands with the Eventbrite deal

TechRadar

Bending Spoons continues its spree of buying famous tech brands with the Eventbrite deal 101

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

Over 70 US banks and credit unions…

Over 70 US banks and credit unions affected by Marquis ransomware breach -…

EU Hits Meta With Antitrust Probe Over…

EU Hits Meta With Antitrust Probe Over Plans To Block AI Rivals From WhatsApp

Microsoft 'Mitigates' Windows LNK Flaw…

Microsoft 'Mitigates' Windows LNK Flaw Exploited As Zero-Day

Huge Trove of Nude Images Leaked by AI…

Huge Trove of Nude Images Leaked by AI Image Generator Startup's Exposed…

Amazon’s new Kindle Scribe and Kindle…

Amazon’s new Kindle Scribe and Kindle Scribe Colorsoft launch on December 10

Amazon is reportedly ready to drop its…

Amazon is reportedly ready to drop its USPS deal if negotiations fall through

Microsoft quietly shuts down Windows…

Microsoft quietly shuts down Windows shortcut flaw after years of espionage…

Microsoft quietly patches LNK…

Microsoft quietly patches LNK vulnerability that's been weaponized for years

EU investigating Meta over policy change that bans rival AI chatbots from…

Our highest-rated Xbox controller is…

Our highest-rated Xbox controller is still available for 20% off, and it's got…