BlockBeats | June 02, 2026 07:05
Security Alert: Red Hat Cloud Services npm packages under active supply chain attack, stolen credentials in over 300 GitHub repositories

BlockBeats News: On June 2nd, SlowMist issued a security alert after detecting an active npm supply chain attack targeting packages under the @redhat-cloud-services scope. So far, 31+ packages are confirmed affected, with combined weekly downloads of approximately 116,000, and over 300 GitHub repositories have been found containing stolen credentials. The technique closely resembles the earlier "Shai Hulud" npm attack: credential theft, creation of malicious repositories, and automated secret leaks. New suspicious repositories are still appearing, indicating that the attack is ongoing and developers are still being infected. Potential impact includes GitHub/npm token theft, AWS/GCP/Azure cloud credential leakage, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, malicious repository creation and persistence, and possibly destructive behavior once a token is revoked. Recommended actions: immediately remove or downgrade the affected versions of the @redhat-cloud-services packages, comprehensively audit CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, rebuild exposed developer machines or runners from clean images, and stay vigilant.
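As an added example (not from BlockBeats, SlowMist or the Red Hat project), a small Node.js triage script for the "audit dependency installations" step: it walks a parsed package-lock.json (lockfileVersion 2 or 3) and lists every installed package under the @redhat-cloud-services scope with its resolved version and whether npm recorded an install script for it. The sample lockfile and its version numbers are constructed; the actual list of affected versions must come from the SlowMist advisory.

```javascript
// Added example: triage a package-lock.json for packages under one npm scope.
// Lockfile v2/v3 keeps a "packages" map keyed by install path, e.g.
// "node_modules/@scope/name" or "node_modules/a/node_modules/@scope/name".
const SCOPE = "@redhat-cloud-services";

function findScopedDeps(lockfile, scope = SCOPE) {
  const packages = (lockfile && lockfile.packages) || {};
  const hits = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "") continue; // the root project entry, not a dependency
    // Package name is the part after the last "node_modules/" segment
    const marker = "node_modules/";
    const name = entry.name || path.slice(path.lastIndexOf(marker) + marker.length);
    if (!name.startsWith(scope + "/")) continue;
    hits.push({
      name,
      version: entry.version || "unknown",
      path,
      // npm sets hasInstallScript when the package declares
      // preinstall/install/postinstall hooks: the usual foothold for
      // install-time credential stealers, so these deserve a first look
      hasInstallScript: entry.hasInstallScript === true,
      dev: entry.dev === true,
    });
  }
  // Plain code-unit ordering keeps the output deterministic across locales
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfile (versions are placeholders, not real advisories)
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/frontend-components": { version: "4.2.0" },
    "node_modules/some-tool/node_modules/@redhat-cloud-services/types": {
      version: "1.1.0", hasInstallScript: true, dev: true,
    },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

for (const hit of findScopedDeps(SAMPLE_LOCKFILE)) {
  const flag = hit.hasInstallScript ? " [install script]" : "";
  console.log(`${hit.name}@${hit.version} (${hit.path})${flag}`);
}
```

To run against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findScopedDeps` and compare each reported version with the advisory's affected list.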