A significant rise in NPM packages with embedded malware has been reported, affecting popular packages like coa, rc, and ua-parser. This raises serious concerns over the ecosystem's security.