Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Red Hat NPM Packages Targeted in Supply Chain Breach

Red Hat NPM Packages Targeted in Supply Chain Breach

Posted on June 2, 2026 By CWS

In a significant security incident, Red Hat’s NPM repository was infiltrated on Monday, resulting in the deployment of harmful versions of 32 packages. This breach was part of a supply chain attack aiming to distribute a worm capable of stealing credentials.

Rapid Deployment of Malicious Packages

ReversingLabs reported that within just 72 seconds, the perpetrators managed to release corrupted versions across all 32 packages. This swift distribution suggests the use of automation tools by the attackers.

The compromised packages are integral to the Red Hat Hybrid Cloud Console’s JavaScript ecosystem, which collectively accounts for nearly 10 million downloads, highlighting the widespread impact of this breach.

Method of Compromise

Insight from Aikido indicates that the attackers infiltrated the CI/CD pipeline and utilized GitHub Actions OIDC to disseminate the malicious package versions. It is suspected that the hackers had access to credentials within the @redhat-cloud-services NPM scope.

The packages included a preinstall hook that facilitated malware execution during the NPM installation process, before any package importation or usage.

Malware Characteristics and Impact

The malicious payload, labeled “Miasma: The Spreading Blight,” appears to be a variation of the Mini Shai-Hulud worm, previously employed by TeamPCP in targeting the open source community.

The malware’s source code was released last month, encouraging further supply chain attacks by malicious actors. Ox Security identified that the threat actors tested this capability by infecting a repository on May 29.

This malware focuses on extracting sensitive data such as GitHub Actions secrets, npm tokens, and SSH keys, transmitting the data to a server controlled by the attackers. It also leverages a fallback mechanism using GitHub to publish stolen information.

Mitigation and Recommendations

Following the detection of the breach, Red Hat maintainers have released clean versions of all affected packages and removed the malicious iterations from NPM.

Users are strongly encouraged to update to secure versions immediately. Those who installed compromised versions should assume their systems are compromised, necessitating immediate rotation of credentials and other sensitive information.

Developers should also examine transitive dependencies for potential contamination and monitor their systems for unusual activities.

Related industry efforts include IBM and Red Hat’s $5 billion investment to enhance open-source supply chain security under “Project Lightwell,” reflecting the growing importance of securing software development pipelines.

Security Week News Tags:Cybersecurity, GitHub, JavaScript, Malware, NPM, Open Source, Red Hat, security breach, software development, supply chain attack

Post navigation

Previous Post: Hackers Use Fake Job Portals to Spread Malware
Next Post: Join Free Webinar on AI-Powered Web App Security

Related Posts

Adaptive Security Raises  Million in Series B Funding Adaptive Security Raises $81 Million in Series B Funding Security Week News
Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware Security Week News
Microsoft Awards .3 Million at 2026 Hacking Event Microsoft Awards $2.3 Million at 2026 Hacking Event Security Week News
Ericsson Data Breach Exposes Thousands’ Information Ericsson Data Breach Exposes Thousands’ Information Security Week News
Microsoft Moves Closer to Disabling NTLM Microsoft Moves Closer to Disabling NTLM Security Week News
Key Cybersecurity Updates: Apple, Delta, AWS Announcements Key Cybersecurity Updates: Apple, Delta, AWS Announcements Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark