Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials and developer tooling across CI/CD pipelines.
On first glance it seems like the affected packages are not something someone outside of Red Hat would use, so I guess the fallout of this will be more interesting than the infected packages themselves.