Skip to content

Red Hat: Over 30 npm Packages Compromised with Credential Stealer

The Bottom Line: Red Hat npm packages were abused to distribute credential stealer malware; organizations must review dependencies and rotate developer credentials.

Attackers took over 30 or more npm packages from Red Hat’s ‘@redhat-cloud-services’ namespace and distributed a new variant of the Shai-Hulud malware to steal developer credentials. This marks another serious supply-chain attack on the JavaScript ecosystem.

The packages under the ‘@redhat-cloud-services’ namespace were manipulated to deliver a new credential-stealing malware variant called “Miasma”. Shai-Hulud is a well-known malware specifically targeting developers and their authentication information.

For CISOs, this attack poses a direct supply-chain risk: developers who integrated these packages into their projects may have been compromised. Leaked npm tokens, SSH keys, or other sensitive credentials allow attackers to conduct deep lateral movement activities within the organization and potentially compromise further supply chains.

Red Hat has removed the affected packages from the npm repository. Organizations should immediately verify whether they or their developers use these ‘@redhat-cloud-services’ packages, identify affected versions, and perform a credential rotation process. Suspicious activities in npm token logs and the package version history should also be reviewed.


Source: www.bleepingcomputer.com · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.2.8.

Share on: