Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Beamglea malicious npm phishing campaign

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

The Beamglea phishing operation is using 175 malicious npm packages and unpkg.com redirect scripts to funnel victims to credential-harvesting pages, broadening risk across a wide set of organizations. The infrastructure has already been downloaded 26,000 times and is tied to targeting more than 135 industrial, technology, and energy companies worldwide. The packages do not execute malicious code on install; instead, they support victim-specific HTML payloads that trigger browser redirects. That setup turns trusted package hosting into a scalable phishing delivery channel.

Related Happenings

Shai-Hulud worm clone activity on NPM

Malware Activity
First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Open Happening

Mini Shai-Hulud npm supply-chain malware wave

Malware Activity
First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...

Open Happening

Npm typosquatting campaign distributing WinOS 4.0 implant

Campaign
First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: A **npm typosquatting campaign** distributing the **WinOS 4.0 implant** overlapped with malicious repository activity, indicating a broader coordinated distribution effort beyond...

Open Happening

BufferZoneCorp sleeper-package supply chain campaign

Campaign
First: 01.05.2026 12:43 Last: 01.05.2026 12:43 Sources 1

About this happening: The **BufferZoneCorp** software supply chain campaign is pushing **malicious Ruby gems and Go modules** that can steal credentials, tamper with **GitHub Actions**, and persist on...

Open Happening

GitHub fake VS Code alert spam campaign

Campaign
First: 27.03.2026 18:51 Last: 27.03.2026 18:51 Sources 1

About this happening: A coordinated **GitHub Discussions** spam campaign is posting fake **Visual Studio Code** security alerts to lure developers into **malware downloads**, reaching **thousands of re...

Open Happening

Timeline

  1. 10.10.2025 13:45 2 articles · 7mo ago

    Researchers flag Beamglea malicious npm packages used for credential phishing

    Initial Disclosure

    Cybersecurity researchers identified 175 malicious packages on the npm registry that were being used as infrastructure for the Beamglea phishing campaign, which targeted more than 135 industrial, technology, and energy companies worldwide. The packages had been collectively downloaded 26,000 times and abused npm and the unpkg.com CDN to host redirect scripts that loaded JavaScript from unpkg.com, injected victim email addresses, and sent victims to Microsoft credential-harvesting pages.

    Show sources
    Open in new tab