
Hackers Exploit NPM Package System to Target 135 Industrial Companies

Cybercriminals exploit unpkg.com to phish credentials from 135+ companies, using fake packages and phishing pages for targeted attacks.
Content Team

Cybercriminals are using a clever new approach called "Beamglea" to phish credentials from industrial and electronics companies. Instead of injecting malicious code into NPM packages, they're abusing the legitimate unpkg.com CDN service to host phishing pages.

The attackers created 175 fake packages with names like "redirect-[random6chars]" that redirect victims to credential-stealing sites. They've targeted over 135 organizations including ArcelorMittal, D-Link, and ThyssenKrupp Nucera, generating 630+ HTML files disguised as purchase orders and technical documents.

Using automated Python tools, hackers customize attacks for each victim, pre-filling email addresses to make phishing pages appear legitimate. The campaign has accumulated 26,000 downloads, though many come from security researchers analyzing the threat.
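For defenders triaging HTML attachments, the package naming pattern above gives a simple static check. The sketch below is an added example, not code from the campaign or from the source report. It assumes the lure HTML references its package through an unpkg.com URL in a `src` or `href` attribute and that the six random characters are lowercase letters and digits. The sample file and package names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the "random6chars" suffix is lowercase letters and digits.
SUSPECT_NAME = re.compile(r"redirect-[a-z0-9]{6}")

def unpkg_package(url):
    """Return the npm package name referenced by an unpkg.com URL, else None."""
    try:
        parsed = urlparse(url if "//" in url else "//" + url)
    except ValueError:  # malformed URL in hostile input
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if (parsed.hostname or "").lower() != "unpkg.com" or not parts:
        return None
    # Scoped packages occupy two path segments: /@scope/name@version/file
    if parts[0].startswith("@") and len(parts) > 1:
        return f"{parts[0]}/{parts[1].split('@')[0]}"
    return parts[0].split("@")[0]  # drop the optional @version suffix

class _RefCollector(HTMLParser):
    """Collect src/href attribute values from every tag."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key in ("src", "href") and value:
                self.urls.append(value.strip())

def scan_html(html_text):
    """Return sorted suspect package names this HTML loads from unpkg.com."""
    collector = _RefCollector()
    collector.feed(html_text)
    pkgs = {unpkg_package(u) for u in collector.urls}
    return sorted(p for p in pkgs if p and SUSPECT_NAME.fullmatch(p))

# Constructed sample attachment; package and file names are placeholders.
SAMPLE = """<html><head>
<script src="https://unpkg.com/react@18.2.0/umd/react.production.min.js"></script>
<script src="https://unpkg.com/redirect-ab12cd@1.0.0/example.js"></script>
</head><body>Purchase order</body></html>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

The same `unpkg_package` helper can be applied to URLs pulled from proxy or mail-gateway logs; a hit is a triage signal rather than proof, since the pattern is inferred from the naming convention alone.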

Source: Security Week
