Red Hat npm Packages Infected with Credential Stealer – Over 30 Releases Affected2. June 2026CybersecurityAt least 32 Red Hat npm packages were infected with a credential stealer that simultaneously manipulated GitHub workflows to publish additional packages with forged SLSA attestations and expand supply chain access. Share on: