More supply chain compromises: Namaste, xinference, and more
ID: a9a96397-8279-5782-9d1c-aa1d201e72fd
STIX ID: report--a9a96397-8279-5782-9d1c-aa1d201e72fd
Feed Name: Expel Blog
Two active supply-chain attacks are compromising npm/PyPI packages and a popular AI model-serving framework to deploy Python backdoors and credential stealers that harvest AWS/GCP/Azure keys, SSH keys, and Kubernetes secrets. The malware spreads via post-install scripts and by hijacking developer publishing pipelines. The report includes IOCs and immediate mitigation advice: rotate credentials, disable post-install scripts, pin dependencies, and reinstall from a clean state.
