Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware

Mon Apr 06 2026

Malware

Open Source

Vulnerability

cyberpress.org

Cybersecurity researchers have uncovered a sophisticated supply-chain attack involving 36 malicious npm packages masquerading as plugins for the popular Strapi content management system. These packages were published using multiple fake developer accounts. They were designed to target real-world production environments with advanced exploitation techniques. The malicious packages mimicked legitimate Strapi plugin naming conventions to trick […] The post Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware appeared first on Cyber Security News.