Malicious code in @redhat-cloud-services/chrome (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

Malicious code in xv_chrome (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c881a12c5927e8417299e80ccc13de9f4da2e5f6bdf2f1471bd0525c84581607 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...