Malicious code in commerce-utils (npm)

Malicious package due to data exfiltration to a suspicious host, combined with arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb3d6d3a8a8898abe7e371e54753d5902a5062151888ccff6c656f5edac6ba6 The package commerce-utils...

A week in security (March 30 – April 5)

Last week on Malwarebytes Labs: That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands "DarkSword" patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI...

Malicious code in chess-sec-ssrf1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25205345915fdf089bcbd90b35f9e852c02281bd7452805479d18c610063ac52 The package chess-sec-ssrf1 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2496 Malicious code in chess-sec-ssrf1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25205345915fdf089bcbd90b35f9e852c02281bd7452805479d18c610063ac52 The package chess-sec-ssrf1 was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2495 Malicious code in cloudera (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11ddf3c5a1eb28ca1531748670bd932bda38d78b04ae81c983361465a2076f57 The package cloudera was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in @needl-ai/common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1b98ae2755d0fd7d61bc3dfd378dc1bad2eadf7ef0033ba66bbf1383a711e5c The package @needl-ai/common was found to contain malicious code. Source: ossf-package-analysis...

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

Malicious code in strapi-plugin-health-check (npm)

strapi-plugin-health-check is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

MAL-2026-2474 Malicious code in strapi-plugin-nordica-deep (npm)

strapi-plugin-nordica-deep is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

MAL-2026-2477 Malicious code in strapi-plugin-nordica-stage (npm)

strapi-plugin-nordica-stage is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

MAL-2026-2476 Malicious code in strapi-plugin-nordica-recon (npm)

strapi-plugin-nordica-recon is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

Malicious code in strapi-plugin-nordica-cms (npm)

strapi-plugin-nordica-cms is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

MAL-2026-2473 Malicious code in strapi-plugin-nordica-cms (npm)

strapi-plugin-nordica-cms is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

Malicious code in strapi-plugin-nordica-lite (npm)

strapi-plugin-nordica-lite is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

MAL-2026-2479 Malicious code in strapi-plugin-nordica-tools (npm)

strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

MAL-2026-2468 Malicious code in strapi-plugin-locale (npm)

strapi-plugin-locale is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

MAL-2026-2481 Malicious code in strapi-plugin-notify (npm)

strapi-plugin-notify is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

MAL-2026-2482 Malicious code in strapi-plugin-seed (npm)

strapi-plugin-seed is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...

Malicious code in strapi-plugin-logger (npm)

strapi-plugin-logger is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

Malicious code in strapi-plugin-monitor (npm)

strapi-plugin-monitor is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...