36 Malicious npm Packages Target Guardarian Infrastructure via Strapi Plugins
A coordinated supply chain attack involving 36 malicious npm packages targeted the cryptocurrency platform Guardarian to steal database credentials and wallet keys. The campaign exploited Redis and Docker vulnerabilities to deploy persistent, fileless backdoors on production Strapi CMS servers.
**If you use Strapi, immediately audit your node_modules for any of these 36 malicious packages: legitimate Strapi plugins are always scoped under @strapi/, so any unscoped strapi-plugin-* package should be treated as suspicious and removed. If any were installed, assume full compromise: rotate all credentials, secrets, and keys, revoke database and API tokens, and investigate your environment for reverse shells or unauthorized cron jobs.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/36-malicious-npm-packages-target-guardarian-infrastructure-via-strapi-plugins-0-y-5-g-3/gD2P6Ple2L

