36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

The Hacker NewsThe Hacker News
April 5, 2026 at 05:07 AM

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,

Read Full Article
View on Hacker News

Related Articles

Drift says $270 million exploit was a six-month North Korean intelligence operation

Drift says $270 million exploit was a six-month North Korean intelligence operation

Attackers posed as a trading firm, met Drift contributors in person across multiple countries, deposited $1 million of their own capital, and waited half a year before executing the drain CoinDesk detailed earlier this week.

CoinDeskApr 5, 2026, 12:17 PM
Grammarly’s sloppelganger saga

Grammarly’s sloppelganger saga

This is The Stepback, a weekly newsletter breaking down one essential story from the tech world. For more on the ups and downs of AI, follow Stevie Bonifield. The Stepback arrives in our subscribers' inboxes at 8AM ET. Opt in for The Stepback here. How it started Most people probably know Grammarly for its browser extension that suggests how to spruce up your emails, but over the past few years, it's been eyeing bigger ambitions. In October, the company formerly known as Grammarly made a public pivot to rebrand as an AI company called Superhuman. The new name was adopted from Superhuman Mail, an AI email platform that Grammarly acquired i … Read the full story at The Verge.

The VergeApr 5, 2026, 12:00 PM
Ant Group’s blockchain arm unveils platform for AI agents to transact on crypto rails

Ant Group’s blockchain arm unveils platform for AI agents to transact on crypto rails

Anvita includes tokenization services and a platform for agents to coordinate tasks and settle payments in real time using stablecoins.

CoinDeskApr 5, 2026, 12:00 PM
Bitcoin holds steady as sentiment hits worst levels since Iran war began

Bitcoin holds steady as sentiment hits worst levels since Iran war began

Social sentiment, on-chain data, and positioning metrics all hit extremes not seen since late February, even as institutional buying remains elevated.

CoinDeskApr 5, 2026, 11:54 AM
The Hack That Exposed Syria’s Sweeping Security Failures

The Hack That Exposed Syria’s Sweeping Security Failures

When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity.

Wired SecurityApr 5, 2026, 09:00 AM
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. "An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an

The Hacker NewsApr 5, 2026, 04:32 AM