惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
博客园_首页
H
Help Net Security
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
GbyAI
GbyAI
Scott Helme
Scott Helme
D
Docker
Hacker News: Ask HN
Hacker News: Ask HN
P
Privacy & Cybersecurity Law Blog
Jina AI
Jina AI
雷峰网
雷峰网
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
G
GRAHAM CLULEY
C
Cisco Blogs
The Hacker News
The Hacker News
F
Full Disclosure
Y
Y Combinator Blog
Blog — PlanetScale
Blog — PlanetScale
Recent Announcements
Recent Announcements
G
Google Developers Blog
量子位
K
Kaspersky official blog
Cisco Talos Blog
Cisco Talos Blog
The Cloudflare Blog
A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
Last Week in AI
Last Week in AI
博客园 - 三生石上(FineUI控件)
Microsoft Security Blog
Microsoft Security Blog
Martin Fowler
Martin Fowler
T
Tenable Blog
P
Palo Alto Networks Blog
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
Schneier on Security
Schneier on Security
The Register - Security
The Register - Security
F
Fortinet All Blogs
Stack Overflow Blog
Stack Overflow Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
The Blog of Author Tim Ferriss
N
News and Events Feed by Topic
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
V
V2EX
爱范儿
爱范儿

LWN.net

Security updates for Friday [LWN.net] [$] A look at MinIO alternatives: Ceph and Garage Podman 6.0 released [$] Hardening the kernel with allocation tokens and bootpatch-SLR Security updates for Thursday [LWN.net] [$] LWN.net Weekly Edition for June 25, 2026 [$] Fedora: 2FA, or not 2FA, that is the question [$] A helper library for BPF arenas [$] Reports from OSPM 2026, day two Security updates for Wednesday [LWN.net] [$] KASAN for JIT-compiled BPF code Sunsetting Tor 0.4.8 Security updates for Tuesday [LWN.net] GIMP 0.54.1 in a Flatpak [$] Free-threaded Python: past, present, and future First preview release of Xfce [$] Reports from OSPM 2026, day one Security updates for Monday [LWN.net] Systemd v261 released [$] Suspending and resuming BPF programs [$] AURpocalypse now: a look at the recent AUR attacks Security updates for Friday [LWN.net] Eight new stable kernels for Friday The Software Freedom Conservancy [$] The first half of the 7.2 merge window Mastodon 4.6 released [$] Single-hop block replication with RMR and BRMR Security updates for Thursday [LWN.net] [$] LWN.net Weekly Edition for June 18, 2026 Fedora F44 election results Everything security at PyCon US 2026 [$] Some buffer-heads cleanup work FairScan 2.0 released Security updates for Wednesday [LWN.net] The LWN public topics list [$] The state of Fedora in 2026 Firefox 152.0 released KDE Plasma 6.7 released Security updates for Tuesday [LWN.net] [$] Development statistics for the 7.1 kernel Stenberg: curl summer of bliss Security updates for Monday [LWN.net] The 7.1 kernel has been released [$] An overlayfs update Hundreds of AUR packages compromised Security updates for Friday [LWN.net] Homebrew 6.0.0 released [$] Automatic mTHP creation in 7.2 Security updates for Thursday [LWN.net] [$] LWN.net Weekly Edition for June 11, 2026 Larson: Are insecure code completions a vulnerability? [$] AI agent runs amok in Fedora and elsewhere Buildroot 2026.05 released Security updates for Wednesday [LWN.net] Future of Ubuntu MATE [$] Eliminating long-lived credentials with trusted publishing Asahi Linux warns users not to upgrade to macOS 27 beta [$] BPF loop verification with scalar evolution Security updates for Tuesday [LWN.net] Linux App Summit 2026 (Heise) Three stable kernels for Tuesday Moving beyond fork() + exec() Ruby's Bundler adds a cooldown feature Security updates for Friday [LWN.net] Dave Airlie on Linux Kernel Maintenance (SE Radio) [$] Splicing out vmsplice() One step forward, two steps back on CA age bill (EFF Deeplinks Blog) Security updates for Thursday [LWN.net] [$] LWN.net Weekly Edition for June 4, 2026 [$] Open-source security is not a solo activity [$] BPF in the agentic era Tridgell: rsync and outrage Security updates for Wednesday [LWN.net] [$] Caching for extended attributes [$] Trying to make sense of package-manager metadata Vim Classic 8.3 released Security updates for Tuesday [LWN.net] Ombredanne: An AI agent ported our codebase from Python to Rust [$] Representing the true signatures of kernel functions Seven stable kernels for the first day of June DistroWatch turns 25 [$] Reconsidering x32 — again Fedora F44 election interviews published Security updates for Monday [LWN.net] Kernel prepatch 7.1-rc6 [$] A trademark dispute over MeshCore [$] A loadable crypto module for FIPS certification Nesbitt: Protestware for coding agents Security updates for Friday [LWN.net] Rust 1.96.0 released Górny: why Gentoo? [$] Policies for merging new filesystems IBM's 'Project Lightwell' [$] Separating memory descriptors from struct page Security updates for Thursday [LWN.net] LWN.net Weekly Edition for May 28, 2026 Interview session with Jonathan Corbet MOT: a tool to fight openwashing in AI Andrew Morton's 2004 OLS keynote Further progress toward removing the page map count
Multiple redhat-cloud-services npm packages compromised (StepSecurity Blog)
[Posted June 1, 2026 by jzb] · 2026-06-01 · via LWN.net

StepSecurity is reporting that a number of npm packages in the @redhat-cloud-services scope include malware that runs automatically on every npm install:

The payload is a multi-stage credential harvester that sweeps GitHub Actions secrets along with AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm, and CircleCI tokens, and it is purpose-built to evade detection, including an explicit attempt to bypass StepSecurity Harden-Runner.

StepSecurity analyzed @redhat-cloud-services/host-inventory-client@5.0.3 in full. Its index.js, executed at install time, is 4.2 MB, a file that should weigh a few kilobytes, with the real payload buried under three separate layers of obfuscation. The malware is also a self-propagating worm: using stolen npm tokens and npm's bypass_2fa parameter, it republishes backdoored versions of other packages on its own, even against accounts protected by two-factor authentication, so every infected machine can seed the next wave with no attacker involvement. All affected packages were published via GitHub Actions OIDC from the RedHatInsights/javascript-clients repository, indicating the upstream CI/CD pipeline itself was compromised. Analysis of the remaining packages is ongoing.

A blog post from SafeDep has additional analysis about the incident. We did not find an advisory from Red Hat on this yet.