#opensearchelasticsearch-ecosystem

[ follow ]
#npm-supply-chain-attacks #cloud-credential-theft #cicd-pipeline-compromise #typosquatting
Information security
fromtheregister
15 hours ago

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries

A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.
[ Load more ]