Typosquatted npm Packages Steal Cloud and CI/CD Secrets
Source: Gbhackers
Published:
<p>A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers actively stealing cloud credentials and CI/CD secrets from infected systems. The malicious packages imitate legitimate libraries by using lookal