A vulnerability in Red Hat Advanced Cluster Management enables authenticated attackers to execute code and carry out DoS attacks on central cluster management infrastructure.
At least 32 Red Hat npm packages were infected with a credential stealer that simultaneously manipulated GitHub workflows to publish additional packages with forged SLSA attestations and expand supply chain access.
A supply-chain attack on Red Hat npm packages exploits install-time execution and credential harvesting to infiltrate developer and CI/CD systems with self-propagating malware.