Storia in 7 fonti

Dozens of Red Hat packages backdoored through its official NPM channel

Anyone who has downloaded affected Red Hat packages should investigate immediately.

Raccontata da

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

theregister.com19 h fa

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

TeamPCP? Or copycat malware dev?

Leggi questa versione → originale

arstechnica.com

Timeline cronologica

lunedì 1 giugno 2026·thehackernews.com
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.
lunedì 1 giugno 2026·arstechnica.com
Dozens of Red Hat packages backdoored through its offical NPM channel
Anyone who has downloaded affected Red Hat packages should investigate immediately.

21 h fa

Dozens of Red Hat packages backdoored through its offical NPM channel

Red Hat NPM account (@redhat-cloud-services) compromised; >30 packages execute install-time malware stealing GitHub/npm/K8s/Vault secrets. The worm spreads to other accounts via infected machines, making any installation a supply-chain risk regardless of usage.

Leggi questa versione → originale

infoworld.com19 h fa

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential theft.

Leggi questa versione → originale

securityweek.com7 h fa

Supply Chain Attack Hits 32 Red Hat NPM Packages

32 Red Hat NPM packages compromised in 72-second attack; malware steals GitHub/npm tokens, cloud credentials impacting ~10M downloads. Supply chain attack escalation; immediate credential rotation and dependency audits critical for all JavaScript-using teams.

Leggi questa versione → originale

thehackernews.com23 h fa

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Miasma compromised @redhat-cloud-services npm packages, harvesting credentials and persisting in development tools. The worm escalates privileges, steals cloud identities, and propagates via GitHub—threatening CI/CD integrity and supply chains.

Leggi questa versione → originale

bleepingcomputer.com19 h fa

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma."

Leggi questa versione → originale

lunedì 1 giugno 2026·

arstechnica.com