• Compromised Red Hat npm packages downloaded over 80,000 times in

    From TechnologyDaily@1337:1/100 to All on Tuesday, June 02, 2026 15:00:27
    Compromised Red Hat npm packages downloaded over 80,000 times in one week, supply chain attack still ongoing

    Date:
    Tue, 02 Jun 2026 13:55:00 +0000

    Description:
    Security researchers spotted a new campaign using the same methods as TeamPCP.

    FULL STORY ======================================================================
    Red Hat npm packages compromised with Mini Shai-Hulud variant
    Attackers target GitHub secrets and cloud credentials
    Copycat worm shows themed but similar tradecraft

    Numerous Red Hat npm packages were recently compromised and tainted with a variant of the Mini Shai-Hulud worm, which targets GitHub Actions secrets, npm tokens, and other valuable information. Thousands of developers and projects are potentially at risk.

    Recently, a single Red Hat employee had their GitHub account compromised. The miscreants used that access to infiltrate, and then compromise, dozens of npm packages. Wiz, for example, has identified 32 packages so far, which receive around 80,000 downloads a week. Socket, on the other hand, claims to have identified 95 packages. Both outfits confirmed that the attack is currently ongoing, and hinted that the number of infected packages will probably grow even bigger.

    TeamPCP copycats

    All of the packages were published under the Red Hat Cloud Services namespace. The company confirmed the attack to The Register, and said it removed the compromised content. The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system. "While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems."

    Socket says the attackers are going after people's GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault material, SSH keys, Git credentials, and other sensitive files. The malicious code also includes encrypted exfiltration logic and GitHub-based fallback mechanisms, indicating that the attacker was not only attempting to steal credentials, but also to potentially enable further supply chain propagation.

    Originally, the group behind the Mini Shai-Hulud attack was TeamPCP. However, they open-sourced the worm, resulting in the emergence of copycats and other threat actors employing a similar strategy. Minor, cosmetic changes seen in this campaign point to one such group.

    Wiz claims all references to the Dune universe were replaced by Greek mythology themes, but apart from that, the underlying functionality and tradecraft remain substantially similar. One notable difference is that this worm collects Google Cloud Platform and Microsoft Azure identities, as well as all the identities that the infected machine has access to.

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/compromised-red-hat-npm-packages-downloaded-over-80-000-times-in-one-week-supply-chain-attack-still-ongoing


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)