Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

SECURITY: @redhat-cloud-services packages compromised — malicious preinstall payload (credential stealer / worm) #493

Audit the GitHub Actions release workflow for tampering. Check sibling @redhat-cloud-services/* packages for the same preinstall + index.js size anomaly (likely same compromised pipeline). Advisory ...
GitHub

hxu296/leetcode-company-wise-problems-2022

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...