StepSecurity has detected an active supply chain attack targeting the widely used node-ipc npm package. Three versions (9.1.6, 9.2.3, and 12.0.1) are confirmed compromised, containing obfuscated payloads that exfiltrate cloud credentials, SSH keys, and CI/CD secrets to an external C2 server upon package installation. Developers are advised to immediately remove affected versions, pin to a known-clean release, audit any environments that may have installed these versions, and rotate all secrets if a CI/CD pipeline was affected. Full reverse-engineering of the payload is ongoing.
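One way to run the audit step above against a project's lockfile, as an added example that is not part of the original advisory: the function scans a parsed `package-lock.json` for `node-ipc` resolved to 9.1.6, 9.2.3 or 12.0.1, including transitive copies. The function name and both sample lockfiles are constructed for illustration.

```javascript
// Versions named as compromised in the advisory above.
const COMPROMISED = new Set(["9.1.6", "9.2.3", "12.0.1"]);

// Return every node-ipc entry in a parsed package-lock.json whose resolved
// version is on the compromised list. Handles lockfileVersion 2/3 (flat
// "packages" map keyed by install path) and lockfileVersion 1 (nested
// "dependencies" tree), so transitive installs are reported too.
function findCompromisedNodeIpc(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (name === "node-ipc" && COMPROMISED.has(version)) {
      hits.push({ path: where, version });
    }
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Key looks like "node_modules/a/node_modules/node-ipc"; the package
      // name is whatever follows the last "node_modules/" (or meta.name for aliases).
      const name = meta.name || path.split("node_modules/").pop();
      check(name, meta.version, path);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, trail.concat(name).join(" > "));
        walk(meta.dependencies, trail.concat(name));
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not from a real project). "build-tool" is a
// hypothetical dependency; 9.2.1 stands in for a version not on the list.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "9.2.1" },
    "node_modules/build-tool/node_modules/node-ipc": { version: "9.2.3" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "build-tool": { version: "2.0.0", dependencies: { "node-ipc": { version: "12.0.1" } } },
  },
};
console.log(findCompromisedNodeIpc(sampleV3), findCompromisedNodeIpc(sampleV1));
```

To scan a real project, pass the function the result of `JSON.parse` on the contents of its `package-lock.json`; a non-empty result means the environment that installed from that lockfile should be treated as exposed.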