Security News > 2023 > September > Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
2023-09-20 10:13

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core,


News URL

https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 12 49 24 6 91
SSH 7 1 7 4 2 14