
Red Hat Just Got Pwned: 32 NPM Packages Are Carrying a Nasty Surprise

Original version · Jun 3, 4:00

It turns out even the giant Red Hat isn't immune to a classic case of 'oops, I left the back door open.' Attackers turned Red Hat's own internal tooling into a giant vacuum for sensitive data, and it's almost impressive how easy they made it look.

Security researchers at Aikido and OX Security recently pulled back the curtain on a massive supply chain breach involving 32 packages in Red Hat's @redhat-cloud-services namespace. The attackers managed to compromise a GitHub account belonging to a Red Hat employee, using it as a golden ticket to inject malicious commits directly into their repositories.

These commits didn't just sit there; they automated the publication of backdoored packages through GitHub Actions. Once a developer installed these tainted packages, a hidden script triggered instantly, loading a 4.2 MB payload that acted like a digital Swiss Army knife for identity theft.

This malware, dubbed Miasma—a descendant of the Shai-Hulud strain—was designed to vacuum up everything from AWS and Azure secrets to SSH keys and Kubernetes tokens. While Red Hat claims the damage was limited to internal tools and insists no customer environments were breached, the fact that over 100,000 weekly downloads were tainted is a sobering reminder of how brittle our dependency chains actually are.
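The attack chain above turns on two things a consumer of these packages can check before running `npm install`: a package that executes a lifecycle script the moment it lands, and a package version or source that nobody on the team has looked at. The following is an added example, not code from the article, Aikido, OX Security or Red Hat. It audits an npm lockfile (v2/v3 layout, where npm records `hasInstallScript: true` for packages with preinstall/install/postinstall scripts) and flags install-time scripts in a watched scope, tarballs resolved from outside the trusted registry, and drift from a reviewed version. The lockfile, the package names under `@redhat-cloud-services`, and the reviewed-version allowlist are all constructed for the example; only the scope name comes from the article.

```javascript
'use strict';

// Constructed sample lockfile (npm lockfile v3 layout). The package names are
// hypothetical; only the @redhat-cloud-services scope is taken from the article.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/@redhat-cloud-services/example-client': {
      version: '2.4.1',
      resolved: 'https://registry.npmjs.org/@redhat-cloud-services/example-client/-/example-client-2.4.1.tgz',
      integrity: 'sha512-PLACEHOLDER',
      hasInstallScript: true, // npm sets this when the tarball declares pre/post/install scripts
    },
    'node_modules/@redhat-cloud-services/example-utils': {
      version: '1.0.3',
      resolved: 'https://registry.npmjs.org/@redhat-cloud-services/example-utils/-/example-utils-1.0.3.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/some-helper': {
      version: '0.9.0',
      resolved: 'https://mirror.example.invalid/some-helper-0.9.0.tgz', // constructed: not the registry
      integrity: 'sha512-PLACEHOLDER',
    },
  },
};

// Hypothetical allowlist: the last version of each watched package that the
// team actually reviewed. Any other version is "drift" and needs a second look.
const REVIEWED_VERSIONS = {
  '@redhat-cloud-services/example-client': '2.4.0',
  '@redhat-cloud-services/example-utils': '1.0.3',
};

const TRUSTED_REGISTRY = 'https://registry.npmjs.org/';

// A lockfile "packages" key is a path; the package name is everything after the
// last "node_modules/" (nested deps look like node_modules/a/node_modules/b).
function packageNameFromKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Walks every installed package in the lockfile and returns an array of
// findings { name, version, severity, reason }. Install scripts are only
// "high" inside a watched scope, because plenty of legitimate packages
// (native build steps, for example) also declare them.
function auditLockfile(lock, opts = {}) {
  const { watchedScopes = [], reviewed = {}, trustedRegistry = TRUSTED_REGISTRY } = opts;
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // the root project itself
    const name = packageNameFromKey(key);
    const watched = watchedScopes.some((scope) => name.startsWith(`${scope}/`));

    if (entry.hasInstallScript) {
      findings.push({
        name, version: entry.version,
        severity: watched ? 'high' : 'info',
        reason: 'runs a lifecycle script at install time',
      });
    }
    if (entry.resolved && !entry.resolved.startsWith(trustedRegistry)) {
      findings.push({
        name, version: entry.version, severity: 'high',
        reason: `resolved from ${new URL(entry.resolved).host}, not the trusted registry`,
      });
    }
    if (Object.prototype.hasOwnProperty.call(reviewed, name) && reviewed[name] !== entry.version) {
      findings.push({
        name, version: entry.version, severity: 'medium',
        reason: `version differs from reviewed ${reviewed[name]}`,
      });
    }
  }
  return findings;
}

// Gate for CI: refuse to proceed to "npm ci" when anything is rated high.
function shouldBlockInstall(findings) {
  return findings.some((f) => f.severity === 'high');
}

// Stand-alone run over the constructed sample.
const DEMO_FINDINGS = auditLockfile(SAMPLE_LOCK, {
  watchedScopes: ['@redhat-cloud-services'],
  reviewed: REVIEWED_VERSIONS,
});
for (const f of DEMO_FINDINGS) {
  console.log(`[${f.severity}] ${f.name}@${f.version}: ${f.reason}`);
}
console.log(shouldBlockInstall(DEMO_FINDINGS) ? 'BLOCK install' : 'OK to install');
```

Run this against the real `package-lock.json` in CI before `npm ci`, with the scopes your organisation depends on most in `watchedScopes`. It complements rather than replaces `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`), which stops lifecycle scripts from running at all; the audit is what tells you a package newly acquired one.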

In a world where one leaked GitHub credential can compromise thousands of downstream packages, the illusion of 'trusted' enterprise software is fading fast. Whether this was the work of the infamous TeamPCP or just another script kiddie with a copy-pasted exploit, it proves that even the biggest players are one bad commit away from a total identity collapse.

Source: Aikido

Comments


  1. Savage Raven
    another day, another massive supply chain failure. are we even surprised anymore?
    +1 boring: A statement of fact so obvious it doesn't even make you want to argue.
  2. Wired Comrade
    it's always the same story: 'only internal systems were affected.' yeah, until they're not. security theater at its finest.
    +5 solid: Cynical, but an exact description of the corporate culture of 'everything's fine until it breaks'.
  3. Velvet Jester
    lol, imagine being the dev who lost their github password. goodbye career!
    +1 joke: An attempt at a joke about career suicide that reads like an ordinary Reddit comment.