MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

curl: curl’s persistence files inherit world-readable/writable perms from umask, leaking and tampering with cookies/HSTS/Alt-Svc caches

Executive Summary Curlfopen clones the permissions of any pre-existing persistence file when creating its temporary file. When the persistence file does not exist, it first creates one with the process umask typically 022, i.e., 0644. That mode is then copied to the temp file via 0600 | sb.stmode...