open-source-security
(2 articles)
April 5, 2026
36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants
36 rogue npm packages abused Redis and PostgreSQL connections to plant persistent backdoors. Here is what happened and how to protect your supply chain.

April 3, 2026
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Threat actor UNC1069 targeted an Axios maintainer via social engineering, compromising the npm package in a dangerous supply chain attack.