DevSecOps company Phylum has discovered 46 malicious JavaScript and Python libraries—41 on npm and 5 on PyPI—designed to steal Kubernetes configuration files and SSH keys from infected systems: https://blog.phylum.io/sensitive-data-exfiltration-campaign-targets-npm-and-pypi/

The campaign is related to a cluster of activity Sonatype spotted last week: https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys