@redhat-cloud-services publish pipeline is compromised today and shipped a signed, trusted, malicious npm package