Three node-ipc versions contain stealer/backdoor code, exposing developer and cloud secrets to exfiltration.

Three node-ipc versions contain stealer/backdoor code, exposing developer and cloud secrets to exfiltration.

Slowmist confirmed three malicious node-ipc npm versions on May 14, 2026, stealing AWS keys, SSH secrets, and .env files via DNS tunneling.