36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

April 5, 2026, The Hacker News

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,
Researchers discovered 36 malicious npm packages masquerading as Strapi CMS plugins that, upon installation, execute a postinstall script to exploit Redis and PostgreSQL instances, deploy reverse shells, harvest credentials, and install a persistent implant. The packages contain three files (package.json, index.js, postinstall.js) and lack descriptions or repository links. IT professionals should scrutinize npm dependencies, particularly obscure packages claiming to be Strapi plugins, and audit systems for unauthorized Redis or PostgreSQL connections.
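
One way to scrutinize installed dependencies for the profile described above (install-time script, no description, no repository, the three-file layout, a Strapi-style name). This is an added example, not code from the researchers or The Hacker News; the function names, the scoring threshold and the sample manifests are assumptions made for illustration, and the article lists no package names.

```javascript
// Heuristic built from the traits named in the article; it is not a signature.
const LIFECYCLE = ["preinstall", "install", "postinstall"];

// Returns the traits a package shares with the profile described in the article.
function profileTraits(manifest, files) {
  const traits = [];
  const scripts = manifest.scripts || {};
  const hooks = LIFECYCLE.filter((h) => typeof scripts[h] === "string");
  if (hooks.length) traits.push("install-hook:" + hooks.join(","));
  if (!manifest.description) traits.push("no-description");
  if (!manifest.repository) traits.push("no-repository");
  // Assumption: a plain "strapi" substring match stands in for a real allowlist.
  if (/strapi/i.test(manifest.name || "")) traits.push("strapi-name");
  const expected = ["index.js", "package.json", "postinstall.js"];
  if ([...files].sort().join("|") === expected.join("|")) traits.push("three-file-layout");
  return traits;
}

// Flag only when an install hook appears together with at least two other traits.
function isSuspicious(manifest, files) {
  const t = profileTraits(manifest, files);
  return t.some((x) => x.startsWith("install-hook")) && t.length >= 3;
}

// Walk the top level of node_modules (and @scope directories) and report matches.
async function scanNodeModules(root) {
  const fs = await import("node:fs/promises");
  const path = await import("node:path");
  const hits = [];
  const visit = async (dir) => {
    for (const e of await fs.readdir(dir, { withFileTypes: true })) {
      if (!e.isDirectory()) continue;
      const pkgDir = path.join(dir, e.name);
      if (e.name.startsWith("@")) { await visit(pkgDir); continue; }
      try {
        const manifest = JSON.parse(await fs.readFile(path.join(pkgDir, "package.json"), "utf8"));
        const files = await fs.readdir(pkgDir);
        if (isSuspicious(manifest, files)) hits.push({ dir: pkgDir, traits: profileTraits(manifest, files) });
      } catch { /* no readable manifest in this directory: skip it */ }
    }
  };
  await visit(root);
  return hits;
}

// Constructed sample manifests (not taken from the real packages).
const SAMPLE_BAD = { name: "strapi-plugin-example", version: "1.0.0", scripts: { postinstall: "node postinstall.js" } };
const SAMPLE_OK = { name: "padding-util", description: "pads strings", repository: "github:example/padding-util", scripts: { test: "node t.js" } };
console.log(isSuspicious(SAMPLE_BAD, ["package.json", "index.js", "postinstall.js"]));
```

Run `scanNodeModules("node_modules")` from a project root to list matches for manual review. Because the scan only sees packages that are already on disk, installing with `npm install --ignore-scripts` first keeps lifecycle scripts from running before the review.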