{ "title": "vpmdhaj npm OpenSearch Typosquats Steal Cloud and CI/CD Secrets", "summary": "Microsoft reported 14 typosquatted npm packages under the vpmdhaj scope that impersonated OpenSearch, AWS SDK, STS, and Bun packages while collecting AWS, GitHub Actions, npm, Vault, Kubernetes, SSH, and local cloud configuration secrets.", "date": "2026-05-28", "severity": "critical", "tags": [ "npm", "typosquatting", "supply-chain", "credential-theft", "ci-cd" ], "sources_count": 6, "indicators": { "slug": "vpmdhaj-npm-opensearch-typosquats", "since": "2026-05-28T00:00:00Z", "until": "2026-05-28T23:59:59Z", "ecosystem": "npm, node, bun, ci-cd, cloud npm", "cves": [], "cwes": [], "advisoryIds": [], "products": [], "packages": [ "@vpmdhaj/opensearch-setup", "@vpmdhaj/elastic-helper", "@vpmdhaj/aws-compat", "@vpmdhaj/aws-credential-provider-env", "@vpmdhaj/aws-credential-provider-http", "@vpmdhaj/aws-sdk-client-opensearch", "@vpmdhaj/aws-sdk-client-sts", "@vpmdhaj/aws-sdk-credential-provider-node", "@vpmdhaj/aws-sdk-types", "@vpmdhaj/bun", "@vpmdhaj/opensearch", "@vpmdhaj/opensearch-project", "@vpmdhaj/opensearch-js", "@vpmdhaj/sts-client" ], "versions": [ "@vpmdhaj/opensearch-setup@1.0.9102", "@vpmdhaj/opensearch-setup@1.0.9103", "@vpmdhaj/elastic-helper@1.0.7267", "@vpmdhaj/elastic-helper@1.0.7268", "@vpmdhaj/elastic-helper@1.0.7269", "@vpmdhaj/elastic-helper@1.0.7270" ], "affectedVersions": [], "fixedVersions": [], "files": [], "paths": [ "/api/b" ], "services": [], "domains": [ "aab.sportsontheweb.net", "www.sportsontheweb.net" ], "urls": [], "ips": [], "hashes": [ "a39155771e93e65b05195c8a705dfc03aa85c2ec682505f0d557233a8f275145", "9d962ed605bb4a39991f8fab9b1d2e423ea4d545f23fd44d9473a6423d94bbf" ], "processPatterns": [], "networkPatterns": [], "telemetrySelectors": [] } }