security: Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft reports a large-scale npm supply chain attack affecting over 90 versions of @redhat-cloud-services packages. The malicious code targets CI/CD and developer systems to steal GitHub, cloud, and local credentials, and propagates by republishing trusted packages.

• Source: Microsoft Security Blog