{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifszipehgnbqbu43klutj2gcxicqgjckb4vz7fv5vu47f76ow3dze",
    "uri": "at://did:plc:avkh7zze5iapdkk6naaunrjn/app.bsky.feed.post/3mnauh7upcqz2"
  },
  "path": "/260601/p51#a260601p51",
  "publishedAt": "2026-06-01T18:30:01.000Z",
  "site": "https://www.techmeme.com",
  "tags": [
    "Step Security Blog",
    "Researchers find packages in the @redhat-cloud-services npm namespace shipped malware that harvests credentials for GitHub Actions, AWS, GCP, Azure, and others",
    "@redhat-cloud-services"
  ],
  "textContent": "Rohan Prabhu / Step Security Blog:\n**Researchers find packages in the @redhat-cloud-services npm namespace shipped malware that harvests credentials for GitHub Actions, AWS, GCP, Azure, and others** — Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install.",
  "title": "Researchers find packages in the @redhat-cloud-services npm namespace shipped malware that harvests credentials for GitHub Actions, AWS, GCP, Azure, and others (Rohan Prabhu/Step Security Blog)"
}