breachPublished May 14, 2026· Updated May 18, 2026· 2 sources
Popular node-ipc npm package compromised to steal credentials
Malicious versions of the widely used node-ipc npm package have been discovered containing obfuscated code designed to steal cloud credentials, SSH keys, and CI/CD secrets from developer machines.

The article about three additional malicious versions of node-ipc (9.1.6, 9.2.3, 12.0.1) containing obfuscated stealer/backdoor behavior is being appended to the existing story about the node-ipc compromise.
Synthesized by Vypr AI