Preinstall to persistence: Inside the npm Miasma credential-stealing campaign

Microsoft Threat Intelligence discovered a large-scale npm supply chain attack compromising 32 malicious packages across over 90 versions under the @redhat-cloud-services scope. The compromise originated from the RedHatInsights/javascript-clients CI/CD pipeline, enabling attackers to publish trojanized packages through legitimate GitHub Actions OIDC workflows with authentic provenance signatures. The malicious packages executed a heavily obfuscated 4.29 MB dropper via npm preinstall hooks, which downloaded the Bun JavaScript runtime and launched payloads designed to harvest credentials from GitHub, npm, AWS, Azure, GCP, HashiCorp Vault, Kubernetes, and developer systems. The malware scraped GitHub Actions runner memory for secrets, escalated privileges using passwordless sudo, exfiltrated stolen data through GitHub infrastructure, and propagated by compromising additional maintainer packages with forged SLSA provenance. The campaign marker "Miasma: The Spreading Blight" was embedded throughout the malicious

Pulse ID: 6a214311a2c1a61296efbdc5
Pulse Link: https://otx.alienvault.com/pulse/6a214311a2c1a61296efbdc5
Pulse Author: AlienVault
Created: 2026-06-04 09:19:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Azure #Cloud #CyberSecurity #GitHub #InfoSec #Java #JavaScript #Malware #Microsoft #NPM #OTX #OpenThreatExchange #Password #RAT #SupplyChain #Trojan #Word #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network

PCPJack operators compromised 230 cloud Linux servers across AWS, GCP, and Azure to build a covert SMTP relay network for email-based attacks. Researchers discovered exposed directories on infrastructure at 213.136.80[.]73 containing complete deployment toolkits including Chisel binaries, Python deployers, and operational state files. The campaign deployed Sliver C2 beacons and established reverse SOCKS5 tunnels on compromised hosts, testing each for SMTP relay capability. Three deployment versions showed operational evolution from 50 to 230 nodes, with verified proxies synchronized every five minutes to a downstream aggregation server. The operation targeted cloud-hosted web applications, exploiting them to gain initial access, then establishing persistence through systemd services and cron jobs disguised as system utilities. Victims included small to medium businesses across multiple regions running containerized and traditional workloads.

Pulse ID: 6a2067cbef8cf15f958711ce
Pulse Link: https://otx.alienvault.com/pulse/6a2067cbef8cf15f958711ce
Pulse Author: AlienVault
Created: 2026-06-03 17:43:39

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Azure #Cloud #CyberSecurity #Email #InfoSec #Linux #OTX #OpenThreatExchange #Python #RAT #Sliver #bot #socks5 #AlienVault

Yesterday (Wed 3 Jun 2026) the temperature ranged from 9.8 to 15.8°C with 12.8mm rain. The wind gusted up to 20mph. Sunrise was at 04:34 hrs and sunset at 21:41 hrs.
#aws #weatherstation #weather

Group-IB earns AWS competency accreditation in financial software 🚀
- This means Group-IB meets the highest security standards for global banking, insurance, and payments institutions.
- This is a strong step toward strengthening FinTech infrastructure while preserving privacy and transparency.
- An opportunity to deepen trust between users and technology companies.

#FinTech #أمان_سحابي #AWS #التمويل_الرقمي #الخصوصية_البيانات

🔗 https://news.google.com/rss/articles/CBMiswJBVV95cUxPalRweEd1bmlTMzB4RFJIbkhfbjFuY3ZrM3hzNVUwQUtRWkpEWlUzNUhScFBaRGIteDZ0dEo2VUhjSE5NNU9wLTZWazFWQzdqZGIweXVHSmt6a25mdDYzTmJOVjBQb1ZPSi1MTmJ0RDZMXzZHS1RkRTgtQWZJTk9XUWlRY2U0YUV4YTFtYmdWbVJzOWJCSFZWWm8tdGhILXBWaUpBUzlqZkRjRkQwS0VQT2lHVWVFYm9UaVd6QWlvVmtUX1RoOFJheGdVeEpBZFJlYTluam9NMTNvN1NaZ3pCc2x2WTlmNVJWVHR3cUNwYWhvSXBoaHFnSkQxQWNGNEkzRHNRUjZBbXhZYWlkR2Vkb2ZVdDk5MVdZRHJ3cU94Y2dfaXRVb1VEcVBKWTJPbXV1bmc0?oc=5

How did Constantinople get the works? That’s nobody’s business but… AWS? They’ve got a new local zone (eu-central-1-ist-1a). Now you can handle your low-latency workloads in the morning, and then hit the Grand Bazaar in the afternoon. #AWS #localzone #Istanbul #turkiye #TheCloudPod
#AWS#BLOG Improve your application resilience with Amazon Cognito multi-Region replication https://aws.amazon.com/blogs/aws/improve-your-application-resilience-with-amazon-cognito-multi-region-replication/
Improve your application resilience with Amazon Cognito multi-Region replication | Amazon Web Services

Amazon Cognito now offers multi-Region replication that automatically synchronizes user data, credentials, and pool configurations to a secondary AWS Region, enabling uninterrupted authentication during regional failovers without forced password resets—plus new support for customer managed KMS keys for encryption control.

Amazon Web Services

Deploying Strands Agents to Lambda and sending traces to AgentCore Observability (generative AI observability)
https://qiita.com/moritalous/items/8fe30948b7fe39c37919?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #AWS #lambda #otel #StrandsAgents #AgentCore

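Deploying Strands Agents to Lambda and sending traces to AgentCore Observability (generative AI observability) - Qiita

Let's do it. I'm writing this by hand, so I'll keep it short and to the point. Steps: We'll use the management console. Create a new Lambda function. The runtime is Python 3.13 (3.14 doesn't work). Choose the ARM64 architecture (personal preference). Add a Lambda layer. Amazingly, Strands ...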

Qiita

Agile vs DevOps: what is the fundamental difference?
- Agile focuses on iterative planning and delivering small pieces of functionality.
- DevOps integrates operations and development to speed up deployment and reduce the gap between teams.
- Continuous collaboration, automation, and production monitoring are the key in DevOps, while Agile emphasizes flexibility in requirements.

#Agile #DevOps #تقنية #برمجة #AWS

🔗 https://news.google.com/rss/articles/CBMiekFVX3lxTFBSenh5cVV1TzBOU05zQ015UHdWTjRPeXhOSHV4cHJYRExwbjBpSk54Nk5CTjdYMWl0MGc2S2JKSDAzQm5vckpfNlRoWWN1d3JTSlVKMENpUUZPXzkzYmo0em91UU1abHJ1S0FuTkUxdGxkZlJJa3NMVm9B?oc=5

Free Debian Linux Course: Learn Server Administration in Practice - Guia de TI

Learn Debian Linux from scratch with a free, practical course. Master commands, users, permissions, and server administration.

Guia de TI
Swear to god: #userData handling on #EC2s with Windows operating systems must parse the userData-payload at about 300bps.

#AWS