high Code Vulnerability
36 Malicious npm Packages Exploiting Redis/PostgreSQL
| Severity | high |
| Status | open |
| Date | April 7, 2026 |
| Affects | npm ecosystem — Redis and PostgreSQL users |
| Source | thehackernews.com |
Details
36 malicious npm packages discovered in April 2026 that exploit Redis and PostgreSQL connections to deploy persistent implants on developer machines. Part of the broader surge in supply chain attacks targeting package registries.