
Malicious npm packages posing as Strapi plugins with Redis RCE and database theft

April 4, 2026 | The Hacker News, Nicolas Krassas, The Cyber Security Hub™

The Hacker News and others warn that 36 npm packages masquerading as Strapi plugins delivered malware on install, exploiting Redis and PostgreSQL to steal credentials and deploy backdoors.

36 npm packages posing as Strapi plugins were used to deliver malware that runs on install.
The packages exploited Redis and PostgreSQL, stole credentials, and deployed backdoors via postinstall scripts that ran with full user or CI/CD access.
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Malicious npm Strapi Packages Deploy Redis RCE, Database Theft
Someone is actively publishing malicious packages targeting the Strapi plugin ecosystem right now
The Hacker News
Nicolas Krassas
The Cyber Security Hub™
/r/netsec
