Valid certificates, stolen accounts: how attackers broke npm's last trust signal

VentureBeat
May 22, 2026, 6:21 pm117 ptsTrending
On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised maintainer account. Sigstore worked exactly as designed: it verified the package was built in a CI environment,…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on Tech News Tube

NYT Connections hints and answers for Saturday, May 23 (game #1077)

TechRadar

NYT Connections hints and answers for Saturday, May 23 (game #1077) 128

NYT Strands hints and answers for Saturday, May 23 (game #811)

TechRadar

NYT Strands hints and answers for Saturday, May 23 (game #811) 125

Google is currently struggling to define words like disregard, stop and ignore

Engadget

Google is currently struggling to define words like disregard, stop and ignore 124

Interview: XCaliber challenges million-dollar missile defenses with cheap drone interceptors

Digitimes

Interview: XCaliber challenges million-dollar missile defenses with cheap drone interceptors 124

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

The Register

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale 124

Cheap Garmin alert! The Garmin Forerunner 165 is getting discounted thanks to it's successor being announced, and it's a perfect summer running watch pick

TechRadar

Cheap Garmin alert! The Garmin Forerunner 165 is getting discounted thanks to it's successor being announced, and it's a perfect summer running watch pick 123

Quordle hints and answers for Saturday, May 23 (game #1580)

TechRadar

Quordle hints and answers for Saturday, May 23 (game #1580) 121

VentureBeat

Valid certificates, stolen accounts: how attackers broke npm's last trust signal 117

About Tech News Tube

Tech News Tube is a real time news feed of the latest technology news headlines.

Follow all of the top tech sites in one place, on the web or your mobile device.

Featured

Hengs lists on Taiwan Innovation Board…

Hengs lists on Taiwan Innovation Board to scale solar-plus-storage across…

Tech Forum 2026: Autonomous driving…

Tech Forum 2026: Autonomous driving enters commercial validation era, shifting…

Taiwan power chip maker Panjit targets…

Taiwan power chip maker Panjit targets AI and robotics for next growth phase

Pentagon Releases Second Batch of UFO…

Pentagon Releases Second Batch of UFO Videos, First-Hand Testimony

Another major Linux security flaw…

Another major Linux security flaw revealed — nine-year old issue could spell…

12 superb smart BBQs that take care of…

12 superb smart BBQs that take care of cooking for you, for the ultimate in…

Is the JBL Go 5 worth buying now that…

Is the JBL Go 5 worth buying now that the JBL Go 4 is cheaper? After testing…

SpaceX's Upgraded Starship V3 Launches…

SpaceX's Upgraded Starship V3 Launches For First Time

Still using coffee capsules? You're not…

Still using coffee capsules? You're not alone, but brewing with fresh beans can…

'Today’s disruptive environment is…

'Today’s disruptive environment is anything but normal': Report warns younger…