Cybersecurity researchers have discovered 36 malicious
packages in the npm registry that are disguised as Strapi CMS
plugins but come with different payloads to facilitate Redis and
PostgreSQL exploitation, deploy reverse shells, harvest
credentials, and drop a persistent implant. "Every package
contains three files (package.json, index.js, postinstall.js), has
no description, repository,
Read more https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html
