Skip to content
The Nexus
SECURITYMay 29 · 21:46 UTCTHE REGISTER

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

A lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch, and DevOps libraries, using typosquatting and metadata spoofing to steal cloud credentials and CI/CD secrets. Microsoft reported the attack, which involved a credential-harvesting payload and techniques like inflated version numbers to appear legitimate, with all packages later removed.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this