GitHub npm supply chain attacks, LiteSpeed RCE, CISA credentials exposed

**Executive Summary:** GitHub and multiple package ecosystems are facing coordinated supply-chain attacks and credential-stealing malware; a critical LiteSpeed cPanel RCE (CVE-2026-48172) and Ghost CMS SQL injection (CVE-2026-26980) are actively exploited, and a CISA contractor publicly exposed AWS GovCloud credentials—urgent patching, credential rotation, and repository/audit actions are recommended.