{"slug": "lone-attacker-published-14-malicious-npm-packages-mimicking-popular-opensearch", "title": "Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries", "summary": "A lone attacker published 14 malicious npm packages that mimicked popular OpenSearch and Elasticsearch libraries. Microsoft identified and removed the packages, which were designed to trick developers into downloading malware.", "body_md": "#### Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries\n\nAnd then Microsoft busted them all", "url": "https://wpnews.pro/news/lone-attacker-published-14-malicious-npm-packages-mimicking-popular-opensearch", "canonical_source": "https://www.theregister.com/security/2026/05/29/14-malicious-npm-packages-impersonated-opensearch-elasticsearch-libraries/5248792", "published_at": "2026-05-29 21:46:34+00:00", "updated_at": "2026-05-30 03:42:14.518016+00:00", "lang": "en", "topics": ["ai-safety"], "entities": ["OpenSearch", "Elasticsearch"], "alternates": {"html": "https://wpnews.pro/news/lone-attacker-published-14-malicious-npm-packages-mimicking-popular-opensearch", "markdown": "https://wpnews.pro/news/lone-attacker-published-14-malicious-npm-packages-mimicking-popular-opensearch.md", "text": "https://wpnews.pro/news/lone-attacker-published-14-malicious-npm-packages-mimicking-popular-opensearch.txt", "jsonld": "https://wpnews.pro/news/lone-attacker-published-14-malicious-npm-packages-mimicking-popular-opensearch.jsonld"}}