Red Hat NPM accounts compromised in supply-chain attack pushing credential-stealing worm
By Dan Goodin
Summary
A supply-chain attack compromised official Red Hat NPM accounts (@redhat-cloud-services) to push a malicious worm that spreads between machines and steals sensitive credentials. The attack began Monday and remained active at the time of reporting, according to security firm Aikido. The worm pilfers credentials in hopes of accessing more confidential data, and anyone who downloaded affected Red Hat packages should investigate immediately.
Key quotes
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.
The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido.
It's the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that's reserved for officia