[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:malicious-npm-packages-abuse-dependency-confusion-to-profile-developer-environme-mptociwd":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"2139efba-8f5a-4c44-a944-f72e3652a500","Malicious npm packages abuse dependency confusion to profile developer environments","malicious-npm-packages-abuse-dependency-confusion-to-profile-developer-environme-mptociwd","A single threat actor registered 33 malicious npm packages under spoofed organizational scopes (including Sberbank) to exploit dependency confusion. The packages execute obfuscated postinstall hooks during npm install to exfiltrate system info, hostnames, environment variables, and credentials. A server-side flag enables follow-on exploitation.","critical","advisory",[],[13,14],"Microsoft","Sberbank","Audit npm dependency trees for packages under organizational scopes published May 28-29, 2026. Cross-reference against your actual internal package registries. Block and revoke any suspicious package installs and scan affected developer machines for credential theft and lateral movement.",[17],"5a72188a-6559-4655-af94-dcb7e9dc1172",null,[20],"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F05\u002F29\u002F33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments\u002F","active","2026-06-02T11:06:20.414+00:00","2026-05-31T11:06:22.82555+00:00","2026-05-31T11:06:28.073456+00:00",[26],{"id":17,"title":6,"url":20}]