Storia in 9 fonti

Red-Hat-Infostealer kommt auf mehr als 100.000 Downloads

Die Managed Cloud Services von Red Hat waren das Ziel einer Lieferkettenattacke. Dahinter steckt ein Klon des npm-Wurms Mini Shai‑Hulud.

Raccontata dadev.toilsoftware.itthehackernews.comarstechnica.combleepingcomputer.comtheregister.cominfoworld.comsecurityweek.comheise.de

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

heise.deStai leggendo4 h fa

Red-Hat-Infostealer kommt auf mehr als 100.000 Downloads

Die Managed Cloud Services von Red Hat waren das Ziel einer Lieferkettenattacke. Dahinter steckt ein Klon des npm-Wurms Mini Shai‑Hulud.

originale

bleepingcomputer.com19 h fa

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma."

Leggi questa versione → originale

infoworld.com19 h fa

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential theft.

Leggi questa versione → originale

theregister.com19 h fa

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

TeamPCP? Or copycat malware dev?

Leggi questa versione → originale

thehackernews.com23 h fa

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Miasma compromised @redhat-cloud-services npm packages, harvesting credentials and persisting in development tools. The worm escalates privileges, steals cloud identities, and propagates via GitHub—threatening CI/CD integrity and supply chains.

Leggi questa versione → originale

ilsoftware.it1 g fa

Attacco a Red Hat: malware nascosto nei pacchetti npm, a rischio credenziali cloud

Pacchetti Red Hat Cloud Services compromessi su npm: furto di segreti CI/CD, token cloud, worm e mitigazioni.

Leggi questa versione → originale

Timeline cronologica

1. lunedì 1 giugno 2026·dev.to
   

   31 paquetes npm de Red Hat comprometidos roban credenciales de nube

   StepSecurity detectó 31 paquetes del scope @redhat-cloud-services en npm publicados con código malicioso que roba credenciales de nube. Qué pasó y cóm

2. lunedì 1 giugno 2026·ilsoftware.it
   

   Attacco a Red Hat: malware nascosto nei pacchetti npm, a rischio credenziali cloud

   Pacchetti Red Hat Cloud Services compromessi su npm: furto di segreti CI/CD, token cloud, worm e mitigazioni.

3. lunedì 1 giugno 2026·thehackernews.com
   

   Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

   Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

4. lunedì 1 giugno 2026·arstechnica.com
   

   Dozens of Red Hat packages backdoored through its official NPM channel

   Anyone who has downloaded affected Red Hat packages should investigate immediately.

5. lunedì 1 giugno 2026·arstechnica.com
   

   Dozens of Red Hat packages backdoored through its offical NPM channel

   Anyone who has downloaded affected Red Hat packages should investigate immediately.

6. lunedì 1 giugno 2026·bleepingcomputer.com
   

   Red Hat npm packages compromised to steal developer credentials

   More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud…

7. lunedì 1 giugno 2026·theregister.com
   

   Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

   TeamPCP? Or copycat malware dev?

8. martedì 2 giugno 2026·infoworld.com
   

   Infected Red Hat npm packages expose developer credentials

   Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential…

9. martedì 2 giugno 2026·securityweek.com
   

   Supply Chain Attack Hits 32 Red Hat NPM Packages

   Hackers published 96 malicious versions across 32 Red Hat NPM packages in a supply chain attack similar to Mini Shai-Hulud.

10. martedì 2 giugno 2026·heise.de
    

    Red-Hat-Infostealer kommt auf mehr als 100.000 Downloads

    Die Managed Cloud Services von Red Hat waren das Ziel einer Lieferkettenattacke. Dahinter steckt ein Klon des npm-Wurms Mini Shai‑Hulud.