A coordinated supply chain attack compromised the @redhat-cloud-services npm scope, resulting in the automated publication of 32 backdoored packages. The malware utilizes a sophisticated three-layer obfuscation pipeline to drop a credential stealer that targets cloud and CI/CD secrets, exfiltrates data via the GitHub API, and possesses worm-like self-propagation capabilities.