A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The campaign was carried out using four sock-puppet npm accounts umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1. Unlike typical npm spam […] The post 36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/36-malicious-strapi-npm/
