Skip to content
The Nexus
DossierENTITY

HashiCorp Vault

Coverage of HashiCorp Vault in the Nexus archive.

Earliest in view: May 29 · 21:46 UTCMost recent: May 29 · 21:46 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 29 · 21:46 UTCTHE REGISTER
    Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

    A lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch, and DevOps libraries, using typosquatting and metadata spoofing to steal cloud credentials and CI/CD secrets. Microsoft reported the attack, which involved a credential-harvesting payload and techniques like inflated version numbers to appear legitimate, with all packages later removed.

HashiCorp Vault · Dossier · The Nexus