网络安全研究人员在npm注册表中发现了36个恶意包，这些包伪装成Strapi CMS插件，但携带不同的有效载荷，用于Redis和PostgreSQL利用、部署反向Shell、收集凭据并投放持久化植入程序。

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

网络安全研究人员在npm仓库中发现36个恶意软件包，伪装成Strapi CMS插件，通过不同载荷实现Redis和PostgreSQL漏洞利用、部署反向Shell、收集凭据并投放持久化植入程序。这些包遵循相同命名规则，以"strapi-plugin-"开头欺骗开发者下载。攻击载荷通过postinstall脚本执行，具备容器逃逸、数据库利用、凭据窃取等功能，疑似针对加密货币平台的定向攻击。

PALO ALTO, Calif., June 9, 2020 /PRNewswire/ -- ScaleGrid, a leading Database-as-a-Service (DBaaS) provider, has just announced support for their MySQL, PostgreSQL and Redis™ solutions on DigitalOcean ...

Akamai Technologies Inc. is accelerating its evolution to support developers with the launch today of a new managed database service powered by Linode. The new offering supports MySQL, PostgreSQL, ...