12 matches found
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...
Malicious Package
Overview strapi-plugin-nordica-recon is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-nordica-deep is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-nordica-vhost is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-api is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...
Malicious Package
Overview strapi-plugin-nordica-api is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-guardarian-ext is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These package...
Malicious Package
Overview strapi-plugin-health-check is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-advanced-uuid is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...
Malicious Package
Overview strapi-plugin-sync is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...
@adishare/strapi-plugin-import-export-entries (=1.23.2), @aller/svelte-components (=1.5.17) +62 more potentially affected by CVE-2025-57350 via csvtojson (=2.0.10)
csvtojson NPM version =2.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on csvtojson and may be impacted: - @adishare/strapi-plugin-import-export-entries =1.23.2 - @aller/svelte-components =1.5.17 - @arisonadim/strapi-plugin-import-export-entries...
@trycar-packages-org/tc-entities-production (=1.0.93), otp-generator-strapi (>=1.0.0 <=1.0.1) +12 more potentially affected by CVE-2021-23451 via otp-generator (>=1.1.0 <=2.0.1)
otp-generator NPM version =1.1.0, =1.0.0, =1.0.4, =1.0.1, =1.0.1, =1.0.80, =0.0.1, =1.2.0, =1.0.1, =1.0.5 Source cves: CVE-2021-23451 Source advisory: OSV:GHSA-6X93-H9G3-9PHR...