Lucene search
K

12 matches found

The Hacker News
The Hacker News
added 2026/04/05 5:7 a.m.8 views

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

6.8AI score
Exploits0
Snyk
Snyk
added 2026/04/02 9:0 p.m.8 views

Malicious Package

Overview strapi-plugin-nordica-recon is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.1 views

Malicious Package

Overview strapi-plugin-nordica-deep is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.3 views

Malicious Package

Overview strapi-plugin-nordica-vhost is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.4 views

Malicious Package

Overview strapi-plugin-api is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.5 views

Malicious Package

Overview strapi-plugin-nordica-api is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.2 views

Malicious Package

Overview strapi-plugin-guardarian-ext is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.2 views

Malicious Package

Overview strapi-plugin-health-check is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.3 views

Malicious Package

Overview strapi-plugin-advanced-uuid is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:0 p.m.2 views

Malicious Package

Overview strapi-plugin-sync is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

9.8CVSS6AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/24 6:30 p.m.6 views

@adishare/strapi-plugin-import-export-entries (=1.23.2), @aller/svelte-components (=1.5.17) +62 more potentially affected by CVE-2025-57350 via csvtojson (=2.0.10)

csvtojson NPM version =2.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on csvtojson and may be impacted: - @adishare/strapi-plugin-import-export-entries =1.23.2 - @aller/svelte-components =1.5.17 - @arisonadim/strapi-plugin-import-export-entries...

8.6CVSS5.8AI score0.00292EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/07/26 12:1 a.m.5 views

@trycar-packages-org/tc-entities-production (=1.0.93), otp-generator-strapi (>=1.0.0 <=1.0.1) +12 more potentially affected by CVE-2021-23451 via otp-generator (>=1.1.0 <=2.0.1)

otp-generator NPM version =1.1.0, =1.0.0, =1.0.4, =1.0.1, =1.0.1, =1.0.80, =0.0.1, =1.2.0, =1.0.1, =1.0.5 Source cves: CVE-2021-23451 Source advisory: OSV:GHSA-6X93-H9G3-9PHR...

9.8CVSS7.2AI score0.00702EPSS
Exploits0
Rows per page
Query Builder