Researchers found 36 malicious npm packages posing as Strapi CMS plugins. The packages were built to exploit Redis and PostgreSQL, deploy reverse shells, steal credentials, and install persistent implants; none of them carried a description or a repository link.
For security and threat-intelligence professionals, the discovery of 36 malicious npm packages masquerading as Strapi CMS plugins underlines the need for rigorous supply chain security. Strict package vetting and continuous monitoring of dependencies are essential to stop such disguised threats before installation, particularly those that target backing services such as Redis and PostgreSQL.
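An added pre-install vetting check, not code from the original report, that turns the one trait all 36 packages shared (no description and no repository) into a blocking rule and adds two review signals a dependency reviewer would look at: install-time lifecycle scripts and Strapi-themed names published outside the official @strapi scope. The registry documents ("packuments"), package names and URLs below are constructed for illustration.

```javascript
// Added example, not from the report; the sample documents below are constructed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
const STRAPI_NAME_RE = /strapi/i;

// Inspect one npm registry document and return a verdict plus the reasons for it.
function vetPackument(doc) {
  const findings = [];
  const latestTag = doc['dist-tags'] && doc['dist-tags'].latest;
  const latest = (doc.versions && latestTag && doc.versions[latestTag]) || {};
  const scripts = latest.scripts || {};
  const noDescription = !doc.description || !doc.description.trim();
  const noRepository = !doc.repository;
  if (noDescription) findings.push('no description');
  if (noRepository) findings.push('no repository field');
  // Lifecycle hooks run automatically during `npm install`; review them by hand.
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) findings.push(`${hook} script: ${scripts[hook]}`);
  }
  // Official Strapi plugins live under the @strapi scope; flag look-alikes for review.
  if (STRAPI_NAME_RE.test(doc.name) && !doc.name.startsWith('@strapi/')) {
    findings.push('Strapi-themed name outside the @strapi scope');
  }
  // Policy: neither description nor repository (the trait shared by all 36 packages
  // in the report) blocks outright; any other finding goes to manual review.
  let verdict = 'ok';
  if (noDescription && noRepository) verdict = 'block';
  else if (findings.length > 0) verdict = 'review';
  return { name: doc.name, verdict, findings };
}

// Constructed samples shaped like registry responses (hypothetical package names).
const SAMPLE_PACKUMENTS = [
  {
    name: 'strapi-plugin-example-cache',
    'dist-tags': { latest: '1.0.0' },
    versions: { '1.0.0': { scripts: { postinstall: 'node setup.js' } } },
  },
  {
    name: '@strapi/plugin-example',
    description: 'Example plugin with documented provenance',
    repository: { type: 'git', url: 'https://example.invalid/org/plugin.git' },
    'dist-tags': { latest: '2.3.1' },
    versions: { '2.3.1': { scripts: { build: 'strapi plugin:build' } } },
  },
];

const REPORT = SAMPLE_PACKUMENTS.map(vetPackument);
console.log(JSON.stringify(REPORT, null, 2));
```

In a real pipeline the documents would come from the registry for every entry in the lockfile, and a `block` verdict would fail the build before any install script runs.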