
Chronicles

The story behind the story


Researchers find packages in the @redhat-cloud-services npm namespace shipped malware that harvests credentials for GitHub Actions, AWS, GCP, Azure, and others

Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install.

Step Security Blog Rohan Prabhu

Discussion

  • @jfrogsecurity @jfrogsecurity on x
    🚨 Security Alert: Multiple Red Hat Cloud Services npm packages have been compromised in a new supply chain incident (@ redhat-cloud-services) The embedded malware executes silently upon installation, targeting local environments to harvest sensitive CI/CD secrets and cloud
  • @msftsecintel @msftsecintel on x
    Microsoft has identified an npm supply chain compromise impacting 90+ redhat-cloud-services/* packages, including patch-client 4.0.4, insights-client 4.0.4, rbac-client 9.0.3, host-inventory-client 5.0.3, frontend-components 7.7.2, and others. The payload is a self-propagating [im…
  • @mitsuhiko Armin Ronacher on x
    Another case where OIDC did jack shit to prevent anything. RedHat JS packages got compromised. https://www.stepsecurity.io/ ...
  • @socketsecurity @socketsecurity on x
    This is an active and expanding campaign. Malware analysis, IOCs, and campaign tracking here: https://socket.dev/...
  • @socketsecurity @socketsecurity on x
    🚨 Active supply chain attack: A mini Shai-Hulud campaign hit npm packages under the @ redhat-cloud-services namespace. The compromised packages execute install-time malware to harvest developer and CI/CD secrets, with encrypted exfiltration and GitHub-based fallback mechanisms. […
  • @nixCraft@mastodon.social @nixCraft@mastodon.social on mastodon
    Heads up!  Several packages in the redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install.  The affected versions span multiple packages across the RedHat Cloud Services frontend ecosystem. …
  • r/cybersecurity on reddit
    NPM packages from RedHat Compromised
  • r/programming on reddit
    @redhat-cloud-services publish pipeline is compromised today and shipped a signed, trusted, malicious npm package
  • r/linux on reddit
    Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm