TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

By rooter

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant.
“Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

rooter
Cyber Security

Basic Tips To Ensure Online Safety

rooter
Cyber Security

Inconsistent Privacy Labels Don’t Tell Users What They Are Getting

rooter

Leave a Reply

You Missed

News

Grammarly’s sloppelganger saga

News

Ecovacs Winbot W3 Omni Review: Window Cleaning Robots Have a Long Way to Go

News

I’m Worried About the Helpless AI Disruptors of the Future

News

Russia Allegedly Swung at VPNs but Accidentally Hit Its Own Banking Sector Instead