Malicious NPM packages target Strapi users with multi-stage payloads.
A new supply chain attack planted 36 malicious NPM packages tailored to the Strapi ecosystem, delivering payloads capable of Redis code execution, Docker escapes, credential theft, and reverse shells. SafeDep says the campaign focused on Guardarian, pointing to database probing, use of its API module, and searches for wallet files. The attackers cycled through multiple techniques, shifting from aggressive exploitation attempts to reconnaissance and persistent access. Strapi users who installed the packages are urged to rotate all credentials, including database passwords, API keys, and JWT secrets.
Read more:
https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/