Red Hat npm packages compromised in credential‑stealing supply‑chain attack

Red Hat cloud services npm packages were compromised in a supply chain attack that used a preinstall script to steal developer and CI secrets. linuxiac.com/red-hat-npm-... #RedHat #OpenSource #Security

IBM and Red Hat launch $5B Project Lightwell to strengthen open-source software supply chain security 🤖 IA: It's not clickbait ✅ 👥 Users: It's not clickbait ✅ #opensource #supplychainsecurity View full AI summary:

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Miasma supply chain attack hit Red Hat npm packages, stealing GitHub, npm, cloud, Kubernetes, Vault, SSH, and Git creds while spreading a self-propagating worm via install-time execution and encrypted exfiltration. #Miasma #RedHat #GitHub

🚨 Red Hat npm packages compromised in a sophisticated supply chain attack! 31+ components, ~116k weekly downloads affected, exposing 300+ GitHub repos. Attackers harvest credentials (tokens, cloud keys, SSH) from local envs. Devs: Audit dependencies & rotate credentials ASAP! ⚠️ (Source: SlowMist)

@reversinglabs.com 32 Red Hat npm packages were backdoored in 72 seconds with obfuscated malware to steal cloud credentials. - IOCs: github[. ]com/oven-sh/bun/releases - #SupplyChain #ThreatIntel #npm

Red Hat NPM Packages Compromised by Credential-Stealing Worm Miasma used a compromised Red Hat employee GitHub account and OIDC tokens to publish malicious packages. The worm then stole cloud credentials and self-replicated across repositories.

📰 Shai-Hulud malware has been identified as a new threat targeting Red Hat npm package versions downloaded 80K times a week, potentiall... 🔗 https://www.theregister.com/security/2026/06/01/shai-hulud-malware-infects-red-hat-npm-packages-downloaded-80k-times-weekly/5249803 #Tech #Enterprise

Red Hat npm packages compromised to steal developer credentials More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [.… #hackernews #news

A sophisticated supply chain attack targeted Red Hat's internal npm packages, leading to the theft of developer credentials. This incident reveals how attackers exploited trusted publishing via compromised GitHub accounts, exposing a… https://www.tpp.blog/1u57wd0 #cybersecurity #redhat #npm

Silent Supply Chain Collapse: Over 30 npm Packages in Red Hat Cloud Namespace Compromised in Devastating Miasma Attack + Video Introduction: When Trust Becomes the Attack Surface A major supply chain breach has shaken the open-source ecosystem after more than 30 npm packages under Red Hat’s…

Another supply-chain compromise worm. Multiple packages in the official Red Hat redhat-cloud-services npm scope were compromised in a supply-chain attack distributing a credential-stealing worm. Affected packages added a pre… — from @lukOlejnik (https://x.com/lukOlejnik/status/2061675444965941708)

30+ Red Hat npm packages were reportedly hijacked in a supply-chain attack involving a self-propagating credential stealer called Miasma. The scary part: malicious packages allegedly shipped with valid npm provenance by abusing an OIDC trusted publishing gap. thecybersecguru.com/news/red-hat...