Lucene search
K

1340 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 7:5 p.m.7 views

Malicious code in strapi-plugin-nordica-recon (npm)

strapi-plugin-nordica-recon is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 7:4 p.m.2 views

MAL-2026-2475 Malicious code in strapi-plugin-nordica-lite (npm)

strapi-plugin-nordica-lite is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 7:4 p.m.8 views

Malicious code in strapi-plugin-nordica-tools (npm)

strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:28 p.m.7 views

Malicious code in strapi-plugin-locale (npm)

strapi-plugin-locale is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:27 p.m.9 views

Malicious code in strapi-plugin-api (npm)

strapi-plugin-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. It...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:26 p.m.8 views

Malicious code in strapi-plugin-form (npm)

strapi-plugin-form is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:24 p.m.10 views

Malicious code in strapi-plugin-seed (npm)

strapi-plugin-seed is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 5:24 p.m.1 views

MAL-2026-2485 Malicious code in strapi-plugin-sync (npm)

strapi-plugin-sync is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 5:23 p.m.4 views

Malicious code in strapi-plugin-health (npm)

strapi-plugin-health is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:13 p.m.5 views

MAL-2026-2470 Malicious code in strapi-plugin-monitor (npm)

strapi-plugin-monitor is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:11 p.m.5 views

Malicious code in strapi-plugin-core (npm)

strapi-plugin-core is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:11 p.m.3 views

MAL-2026-2456 Malicious code in strapi-plugin-core (npm)

strapi-plugin-core is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:10 p.m.5 views

Malicious code in strapi-plugin-server (npm)

strapi-plugin-server is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6.1AI score
Exploits0References1
OSV
OSV
added 2026/04/03 4:10 p.m.3 views

MAL-2026-2483 Malicious code in strapi-plugin-server (npm)

strapi-plugin-server is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/03 4:10 p.m.4 views

MAL-2026-2454 Malicious code in strapi-plugin-config (npm)

strapi-plugin-config is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/03 4:9 p.m.9 views

Malicious code in strapi-plugin-cron (npm)

strapi-plugin-cron is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
OSV
OSV
added 2026/04/03 4:9 p.m.5 views

MAL-2026-2457 Malicious code in strapi-plugin-cron (npm)

strapi-plugin-cron is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/03 1:30 p.m.1 views

Embedded Malicious Code

Overview mgc is a Module Generate Cli Affected versions of this package are vulnerable to Embedded Malicious Code. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this package. RAT Behavior The package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/02 6:34 p.m.4 views

GHSA-658G-P7JG-WX5G Axios npm Supply Chain Incident Impacting @usebruno/cli

Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran npm install between 00:21 UTC and 03:30 UTC on March 31, 2026 may have been...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/02 6:34 p.m.13 views

Axios npm Supply Chain Incident Impacting @usebruno/cli

Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran npm install between 00:21 UTC and 03:30 UTC on March 31, 2026 may have been...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder