The Hacker News

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Computing

Compromised Red Hat accounts are spreading credential-stealing worm

A threat actor has compromised official Red Hat accounts on Node Package Manager (NPM), using them to push self-propagating ...