Researchers discovered several packages in the @redhat-cloud-services npm namespace containing malware targeting credentials for GitHub Actions, AWS, GCP and others (Rohan Prabhu/Step Security Blog)

Rohan Prabhu / Step Safety Blog:

Researchers discovered several packages in the @redhat-cloud-services npm namespace containing malware targeting credentials for GitHub Actions, AWS, GCP and others.— Several packages in the @redhat-cloud-services npm scope contain malicious payloads that are triggered via a preinstallation hook every time npm is installed.

The emergence of Uzbekistan as a mobility hub in Central Asia – The Diplomat