Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.
The supply-chain attack began Monday and remained active at the time t...
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.
The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that’s reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.
The vicious cycle of today’s supply-chain attacks
It’s unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.Read full article
Comments
在人工智能领域,OpenAI(开放人工智能)不仅因其前沿技术而备受瞩目,其内部的政治动向同样引人关注。近日,一场围绕公司内部政治行动委员会(PAC)的资金流向争议,揭示了这家AI巨头内部存在的深刻分歧。根据最新披露的财务数据,OpenAI的员工已向一个名为“反对引领未来”的政治行动委员会捐赠了超过21.5万美元,而“引领未来”(Leading the Future)这个组织,正是由OpenAI联合创始人兼总裁格雷格·布罗克曼(Greg Brockman)所支持的。