Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.
Side Note: It was already believed that SSH encryption was broken by state actors since the first NSA leaks. So, people should at least always use it over another encrypted channel anyway.
Oh, cool! Red Hat! The people who run a company charging for support. This makes me feel very safe.
Ever since the ssh thing, but especially in the last few months, I really don’t feel safe with anything on the internet.
Dare I ask, what ssh thing?
Side Note: It was already believed that SSH encryption was broken by state actors since the first NSA leaks. So, people should at least always use it over another encrypted channel anyway.