VulnHub

Real-time Cybersecurity News

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News
Actively Exploited
Malware

Overview

Researchers have identified malicious code in three versions of the popular npm package node-ipc, specifically versions 9.1.6, 9.2.3, and 12.0.1. This backdoor allows attackers to steal sensitive developer credentials and secrets. Users who have installed these versions are at risk of their private data being compromised. The discovery raises concerns for developers and organizations relying on this package for their applications. Immediate action is needed to mitigate potential damage and secure development environments.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: node-ipc@9.1.6, node-ipc@9.2.3, node-ipc@12.0.1
  • Action Required: Users should remove the affected versions and update to a secure version of node-ipc.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 "Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1

Impact

node-ipc@9.1.6, node-ipc@9.2.3, node-ipc@12.0.1

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should remove the affected versions and update to a secure version of node-ipc. Specific patched versions have not been mentioned.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

American Lending Center Data Breach Affects 123,000 Individuals

SecurityWeek

American Lending Center, a non-bank lender, recently confirmed that a ransomware attack it experienced nearly a year ago has impacted the personal data of approximately 123,000 individuals. The company took time to thoroughly investigate the breach before disclosing it to the public. While specific details about how the attackers gained access or the type of data compromised have not been released, the incident raises concerns about the security of sensitive financial information. Affected individuals may face risks such as identity theft or financial fraud as a result of this breach. It serves as a reminder for companies to prioritize cybersecurity measures to protect client data.

May 15, 2026

Bypassing On-Camera Age-Verification Checks

Schneier on Security

Recent findings reveal that some AI-driven video age-verification systems can be easily deceived using simple disguises, like a fake mustache. This raises significant concerns for platforms relying on these systems to prevent underage access to content. Researchers demonstrated that these AI checks, designed to ensure compliance with age restrictions, may not be as secure as intended. The implications of this vulnerability could be serious, as it allows minors to bypass safeguards meant to protect them. Companies that implement age-verification measures need to reassess their systems to ensure they cannot be easily tricked and to better protect their users.

May 15, 2026

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Help Net Security

Microsoft has issued a warning about a serious cross-site scripting (XSS) vulnerability, identified as CVE-2026-42897, affecting on-premises versions of Microsoft Exchange Server. This vulnerability allows unauthorized attackers to spoof users over a network, posing significant risks to organizations that have not yet applied any fixes. The affected versions include Microsoft Exchange Server Subscription Edition RTM, 2019, and 2016, while Exchange Online remains unaffected. Microsoft is currently working on a permanent fix, but until it is released, they have provided temporary mitigations for users to implement. Organizations using the affected versions should take immediate action to safeguard their systems from potential exploitation.

May 15, 2026

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

SecurityWeek

The hacking group TeamPCP has released the source code for a piece of malware called the Shai-Hulud Worm. This release is particularly concerning as the group is actively encouraging other cybercriminals to utilize the code for supply chain attacks, even offering monetary rewards for successful exploits. Such attacks can have serious implications, as they target the software and services that organizations rely on, potentially compromising a wide range of systems. By making this code publicly available, TeamPCP is increasing the risk of these types of attacks, which could affect various sectors that depend on secure supply chains. Organizations should be vigilant and review their security measures to mitigate potential risks associated with this malware.

May 15, 2026

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

Infosecurity Magazine

Hackers believed to be linked to China have targeted the Indian branch of a major global manufacturer using a new type of malware called TencShell. This malware is based on an open-source offensive toolkit, which suggests that the attackers are utilizing publicly available resources to carry out their operations. The implications of this attack are significant, as it not only affects the manufacturer but also raises concerns about the security of global supply chains. Companies operating in similar sectors should be vigilant, as this incident could indicate a broader trend of targeting multinational firms. The incident underscores the need for enhanced cybersecurity measures across industries to protect against sophisticated attacks.

May 15, 2026

Chrome 148 Update Patches Critical Vulnerabilities

SecurityWeek

Google's latest Chrome update, version 148, addresses several critical vulnerabilities, including a serious use-after-free issue affecting various browser components. This type of vulnerability can allow attackers to execute arbitrary code, potentially leading to unauthorized access or data breaches. Users of Chrome should update to the latest version to ensure their browsers are secure. Keeping browsers up to date is crucial, as these vulnerabilities can be exploited if left unpatched. The update underscores the ongoing need for vigilance in cybersecurity, especially given the frequency of browser-based attacks.

May 15, 2026