Lone Attacker Published 14 Malicious Npm Packages Mimicking Popular OpenSearch, Elasticsearch Libraries
3 Articles
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft. It’s the latest in a seemingly never-ending string of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake. Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[…
Typosquatted npm Packages Steal Cloud and CI/CD Secrets From Developer Systems
A new wave of malicious software packages has been caught stealing cloud credentials and CI/CD pipeline secrets from developer machines, raising fresh alarms about the security of the open-source software supply chain. The attack, uncovered on May 28, 2026, shows just how easy it has become for bad actors to slip dangerous code into the hands of unsuspecting developers through a simple naming trick that deliberately exploits human error at scale…
Coverage Details
Bias Distribution
- 100% of the sources are Center


