Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said. The supply chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. Its the result of the threat actor responsible for the hack taking control of @redhat cloud services, a legitimate channel in the...
