New Blog: Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
Edit Calendar Icon 19 May 2026
SafeDep Logo

Strapi Plugin C2 Campaign

36 npm packages impersonating Strapi plugins that deploy Redis RCE, steal databases and maintain persistent command and control.

discovered 2026-04-03
↓ JSON ↓ CSV

Objective

Establish persistent C2 and exfiltrate databases from Strapi deployments.

Packages

Indicators

Techniques

Read the full analysis →