GitHub, npm, and Drupal under attack: supply-chain threats and active CVE exploitation

This briefing warns of high-severity, actively exploited incidents: a public GitHub leak exposed AWS GovCloud and CISA credentials, Drupal and LiteSpeed vulnerabilities are being exploited in the wild, and supply-chain compromises of Laravel-Lang and Packagist packages delivered credential-stealing malware; immediate actions include credential rotation, patching affected software, auditing dependencies and logs, and enforcing stronger GitHub controls.