{"id":224500,"date":"2026-06-02T11:58:00","date_gmt":"2026-06-02T15:58:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/02\/dozens-of-red-hat-npm-packages-targeted-in-supply-chain-attack\/"},"modified":"2026-06-02T12:05:17","modified_gmt":"2026-06-02T16:05:17","slug":"dozens-of-red-hat-npm-packages-targeted-in-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/02\/dozens-of-red-hat-npm-packages-targeted-in-supply-chain-attack\/","title":{"rendered":"Dozens of Red Hat npm packages targeted in supply-chain attack"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/\">Dozens of Red Hat npm packages targeted in supply-chain attack<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/\">https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-02 11:58:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>Researchers on Monday warned that more than 30 Red Hat npm packages have been compromised in a supply-chain attack that used a credential-stealing worm.\u00a0<br \/>\nA total of 96 versions across 32 packages have been identified as compromised, according to researchers at Aikido Security.
The accumulated downloads exceed 116,000, according to researchers.\u00a0<br \/>\nThe packages were published through the GitHub Actions OIDC, which indicates the compromise was linked to the continuous integration\/continuous delivery pipeline, instead of an npm token, researchers noted.\u00a0<\/p>\n<p>Anyone who has downloaded an affected package version since Monday should assume that CI secrets, cloud credentials, SSH keys and npm tokens are compromised, researchers said. They should all be rotated as a preventative measure to protect against future actions.\u00a0<br \/>\nRed Hat confirmed it is investigating the malicious activity.<br \/>\n\u201cRed Hat is aware of security reports regarding certain npm packages within our development tooling ecosystem,\u201d the company told Cybersecurity Dive in a statement.\u00a0<br \/>\nThe packages were immediately removed from its npm registry. Red Hat said the packages are \u201cstrictly limited to internal development\u201d and noted that the malicious code was never published for customer use through the console.redhat.com system.\u00a0<br \/>\n\u201cWhile our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems,\u201d the company said.\u00a0<br \/>\nRed Hat confirmed the compromise was linked to a compromised GitHub account, which pushed the unauthorized commits to repositories in the RedHatInsights GitHub organization.\u00a0<br \/>\nThe payload appears to be linked to the Mini Shai Hulud malware that was open sourced by Team PCP, according to a blog post released Monday by cybersecurity firm Wiz. The variant creates repositories that reference Miasma: The Spreading Blight, according to Wiz.\u00a0<br \/>\nThe Mini Shai Hulud campaign has impacted multiple ecosystems in recent months, including four SAP npm packages in April and Microsoft\u2019s Durable Task package on PyPI.<br \/>\nU.S.
authorities and private sector organizations recently have taken steps to better protect the open-source ecosystem from supply chain compromises.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dozens of Red Hat npm packages targeted in supply-chain attack https:\/\/www.cybersecuritydive.com\/news\/dozens-red-hat-npm-packages-supply-chain-attack\/821723\/ Publish Date: 2026-06-02&#8230;<\/p>\n","protected":false},"author":1,"featured_media":224502,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/aNgbn2GkwRAtPzI55Dql8pUyCOeoyAuciHFZ3MWNHEs\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9yZWRfaGF0X3Rvd2VyXzIuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-224500","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224500"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=224500"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224500\/revisions"}],"predecessor-version":[{"id":224503,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/224500\/revisions\/224503"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/224502"}],"wp:attachment":[{"href":"https:\/\/testing.
news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=224500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=224500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=224500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}