
Over 30 Red Hat npm Packages Compromised to Distribute New Credential-Stealing Malware Variant

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack, resulting in the distribution of a new variant of the Shai-Hulud credential-stealing malware, named Miasma. The incident highlights the ongoing risks in open source software supply chains and the continued targeting of developer credentials.

What happened

Attackers infiltrated over 30 npm packages maintained by Red Hat within the '@redhat-cloud-services' namespace. These compromised packages were used as a vector to distribute a new variant of the Shai-Hulud malware, which is designed to steal credentials from victims. The malware variant involved in this attack has been identified as "Miasma." This intrusion represents a notable supply-chain attack within the npm ecosystem, affecting Red Hat’s cloud service-related packages.

Why it matters

This supply-chain compromise impacts the trust model of open source software dependencies, particularly given Red Hat’s prominence in cloud services. By injecting credential-stealing malware into widely used npm packages, attackers gain a stealthy method to harvest developer and possibly other sensitive credentials, posing risks to both individual developers and organizations relying on these packages.

What security teams should do

Security teams should review their usage of npm packages within the '@redhat-cloud-services' namespace and validate the integrity of these dependencies in their projects. It is advisable to monitor systems for any signs of credential theft or suspicious activity related to these packages. Where possible, update to patched or verified safe versions once Red Hat releases remediation measures or advisories.
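One way to start the review described above is to inventory every locked package in the namespace, direct or transitive, and flag entries whose integrity cannot be checked. This is an added example, not code from Red Hat or the source article; the package names, versions and hashes in the sample are constructed placeholders, and the default public registry URL is an assumption. The page lists no affected versions, so the script only inventories and flags.

```javascript
// Added example: list every locked package in a scope and flag integrity gaps.
const SCOPE = '@redhat-cloud-services/';
const REGISTRY = 'https://registry.npmjs.org/'; // assumption: default public registry
// Yield {name, path, meta} for each locked entry, for both lockfile layouts.
function* lockedPackages(lock) {
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // root project entry
      const i = path.lastIndexOf('node_modules/');
      yield { name: meta.name || (i === -1 ? path : path.slice(i + 13)), path, meta };
    }
    return;
  }
  const stack = [[lock.dependencies || {}, '']]; // lockfileVersion 1: nested trees
  while (stack.length) {
    const [deps, prefix] = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, path, meta };
      if (meta.dependencies) stack.push([meta.dependencies, `${path}/`]);
    }
  }
}

// Return one finding per locked package in the scope, direct or transitive.
function auditScope(lock, scope = SCOPE) {
  const findings = [];
  for (const { name, path, meta } of lockedPackages(lock)) {
    if (!name.startsWith(scope)) continue;
    const flags = [];
    if (!meta.integrity) flags.push('no-integrity-hash');
    if (meta.resolved && !meta.resolved.startsWith(REGISTRY)) flags.push('non-registry-source');
    if (meta.hasInstallScript) flags.push('has-install-script');
    findings.push({ name, version: meta.version, path, flags });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : 1));
}

// Constructed sample: package names, versions and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-ok': { version: '2.0.0', resolved: REGISTRY + 'left-ok/-/left-ok-2.0.0.tgz', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/@redhat-cloud-services/example-a': { version: '1.2.3', resolved: REGISTRY + '@redhat-cloud-services/example-a/-/example-a-1.2.3.tgz', integrity: 'sha512-PLACEHOLDER', hasInstallScript: true },
    'node_modules/left-ok/node_modules/@redhat-cloud-services/example-b': { version: '0.9.0', resolved: 'https://mirror.example/example-b-0.9.0.tgz' },
  },
};
console.log(JSON.stringify(auditScope(sampleLock), null, 2));
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditScope`; teams that install through an internal mirror should set `REGISTRY` to that mirror's URL.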

Key technical details

The compromised npm packages hosted under Red Hat’s namespace delivered a new Shai-Hulud malware variant called "Miasma." This malware is crafted to steal credentials from environments where the packages are installed. The intrusion aligns with supply-chain tactics that leverage trusted software components to distribute malicious payloads silently to downstream users. Details about the specific delivery mechanism or exploitation methods within the packages have not been disclosed.

Affected organizations/products

The affected scope includes more than 30 npm packages under the '@redhat-cloud-services' namespace managed by Red Hat. The attack primarily targets developers and cloud service users relying on these packages.

Source attribution

https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/

Written by Thirumala Rao Padilam