Skip to content
The Nexus
DossierENTITY

vpmdhaj

Coverage of vpmdhaj in the Nexus archive.

Earliest in view: May 29 · 21:46 UTCMost recent: May 29 · 21:46 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 29 · 21:46 UTCTHE REGISTER
    Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

    A lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch, and DevOps libraries, using typosquatting and metadata spoofing to steal cloud credentials and CI/CD secrets. Microsoft reported the attack, which involved a credential-harvesting payload and techniques like inflated version numbers to appear legitimate, with all packages later removed.