Red Hat NPM accounts compromised in supply-chain attack pushing credential-stealing worm
Anyone who has downloaded affected Red Hat packages should investigate immediately.
Read the full articleYou might also wanna read

Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm
Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Sh
Multiple @redhat-cloud-services npm packages compromised in supply chain attack
Ref: Affected Packages Package Compro...

Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages
A supply chain worm dubbed Miasma has been found in dozens of @redhat-cloud-services npm releases. The malicious preinstall hook steals cred
MAL-2026-5137: Malicious code in @redhat-cloud-services/frontend-components-translations (npm)
The @redhat-cloud-services/frontend-components-translations npm package versions 4.4.1, 4.4.2, and 4.4.4 were compromised as part of the "Mi
MAL-2026-5133: Malicious code in @redhat-cloud-services/compliance-client (npm)
The @redhat-cloud-services/compliance-client npm package versions 4.0.3, 4.0.4, and 4.0.6 were compromised as part of the "Mini Shai-Hulud"
npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this

Comments
Sign in to join the conversation.
No comments yet. Be the first.