Tagged articles

Lily Pad attack

1 articles · Page 1 of 1
Black & White Path
Black & White Path
May 16, 2026 · Information Security

Node‑ipc Hit Again: Inside the Second Wave of npm Supply‑Chain Attacks

On May 14, 2026, security teams uncovered three malicious node‑ipc npm releases that used a Lily‑Pad account‑hijack technique to inject an 80 KB obfuscated payload, exfiltrate credentials via DNS TXT tunneling, and prompt immediate version audits and credential rotation.

Credential TheftLily Pad attackSupply Chain Attack
0 likes · 5 min read
Node‑ipc Hit Again: Inside the Second Wave of npm Supply‑Chain Attacks