A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers actively stealing cloud credentials and CI/CD secrets from infected systems. The malicious packages imitate legitimate libraries by using lookalike names such as opensearch-setup and elastic-opensearch-helper, while falsely linking to the official OpenSearch GitHub repository in […]

The post Typosquatted npm Packages Steal Cloud and CI/CD Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/typosquatted-npm-packages/