{"id":262123,"date":"2026-06-02T11:58:00","date_gmt":"2026-06-02T15:58:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/02\/dozens-of-red-hat-npm-packages-targeted-in-supply-chain-attack\/"},"modified":"2026-06-02T12:15:22","modified_gmt":"2026-06-02T16:15:22","slug":"dozens-of-red-hat-npm-packages-targeted-in-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/02\/dozens-of-red-hat-npm-packages-targeted-in-supply-chain-attack\/","title":{"rendered":"Dozens of Red Hat npm packages targeted in supply- chain attack"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/\">Dozens of Red Hat npm packages targeted in supply- chain attack<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/\">https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-02 11:58:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p><span><span><span><span><span><span>Researchers on Monday warned that more than 30 Red Hat npm packages have been compromised in a supply-chain attack that used a credential-stealing worm.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>A total of 96 versions across 32 packages have been identified as compromised, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>according to researchers at Aikido Security<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>. The accumulated downloads exceed 116,000, according to researchers.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The packages were published through the GitHub Actions OIDC, which indicates the compromise was linked to the continuous integration\/continuous delivery pipeline, instead of an npm token, researchers noted.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Anyone that has downloaded an affected package version since Monday should assume that CI secrets, cloud credentials, SSH keys and npm tokens are compromised, researchers said. They should all be rotated in a preventative measure to protect against future actions.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Red Hat confirmed it is investigating the malicious activity.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cRed Hat is aware of security reports regarding certain npm packages within our development tooling ecosystem,\u201d the company told Cybersecurity Dive in a statement.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The packages were immediately removed from its npm registry. Red Hat said the packages are \u201cstrictly limited to internal development\u201d and noted that the malicious code was never published for customer use through the <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>console.redhat.com<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> system.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cWhile our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems,&#8221; the company said.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Red Hat confirmed the compromise was linked to a <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>compromised GitHub account<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, which pushed the unauthorized commits repositories in the RedHatInsights GitHub organization.\u00a0\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The payload appears to be linked to the Mini Shai Hulud malware that was open sourced by Team PCP, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>according to a blog post released Monday<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> by cybersecurity firm Wiz. The variant creates repositories that reference Miasma: The Spreading Blight, according to Wiz.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The Mini Shai Hulud campaign&#8230;<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dozens of Red Hat npm packages targeted in supply- chain attack https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/ Publish Date: 2026-06-02&#8230;<\/p>\n","protected":false},"author":1,"featured_media":262124,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/aNgbn2GkwRAtPzI55Dql8pUyCOeoyAuciHFZ3MWNHEs\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9yZWRfaGF0X3Rvd2VyXzIuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,57],"class_list":["post-262123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/262123"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=262123"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/262123\/revisions"}],"predecessor-version":[{"id":262125,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/262123\/revisions\/262125"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/262124"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=262123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=262123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=262123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}