HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

Red Hat NPM packages compromised by malicious worm

Created at 2 Jun · 3:39 AM1 source↑ Market-relevant
IN SHORT

Official Red Hat NPM accounts were compromised, allowing a malicious worm to spread and steal sensitive credentials. The supply-chain attack, which began Monday, affected over 30 packages in the @redhat-cloud-services namespace, a channel widely trusted by developers.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

30+packages affected by the attack

Who's Involved

Red Hat
Official NPM accounts compromised in supply-chain attack
Aikido
Security firm that identified the malicious worm

↳ Why This Matters

Supply-chain attacks, where threat actors compromise legitimate software channels to distribute malware, pose a significant risk to the software development ecosystem. By exploiting the trust developers place in official repositories like npm, attackers can gain widespread access to systems and sensitive data. This incident highlights the ongoing challenges in securing the software supply chain.

Key facts

  • Official Red Hat NPM accounts were compromised.
  • A malicious worm was distributed through these accounts.
  • The worm spreads between machines and steals sensitive credentials.
  • The attack targeted the @redhat-cloud-services namespace.
  • Over 30 packages appear to be affected.

Supply-chain attacks, where threat actors compromise legitimate software channels to distribute malware, pose a significant risk to the software development ecosystem. By exploiting the trust developers place in official repositories like npm, attackers can gain widespread access to systems and sensitive data. This incident highlights the ongoing challenges in securing the software supply chain.

Frequently asked questions

Official Red Hat NPM accounts were compromised and used to distribute a malicious worm.

The worm spreads between machines and attempts to steal sensitive credentials and confidential data.

Researchers indicated that more than 30 packages within the @redhat-cloud-services namespace appear to be affected.

The threat actor gained control of the @redhat-cloud-services namespace, likely through compromised credentials, possibly from a prior supply-chain attack.

What Happens Next

01Red Hat is expected to provide further details on the compromise and remediation efforts.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

1 Jun · 7:49 PM
Dozens of Red Hat packages on the official NPM channel were compromised and used to distribute a malicious worm that steals credentials.
Ars Technica via PiQSuite

Sources

T1
Dozens of Red Hat packages backdoored through its official NPM channelm.piqsuite.com

Related Stories

Linux KVM vulnerability allows VM escape, root access
8 Jul · 7:05 PM
AssuranceAmerica Data Breach Exposes Millions of Driver's Licenses
8 Jul · 4:35 PM
Thousands of routers bricked after Australian government program ends
8 Jul · 6:15 PM
City Labs launches world's first commercial nuclear-powered satellite
8 Jul · 5:30 PM
Lawsuit: Grok user created 7K child sex images; xAI accused of obstructing probe
8 Jul · 8:05 PM