Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.
Red Hat
16 articles
Red Hat Confirms Supply Chain Breach Impacting @redhat-cloud-services npm Packages
Red Hat has confirmed a supply chain security breach impacting multiple npm packages under the @redhat-cloud-services namespace, as detailed in security bull...
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer sy...
Red Hat removes tainted packages after software pipeline compromise
According to the company’s preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downl...
Infected Red Hat npm packages expose developer credentials
Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers ...
Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
Supply Chain Attack Hits 32 Red Hat NPM Packages
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Re...
Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. ...
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of devel...
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the ...
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from d...
Fedora Hummingbird brings the container security model to a Linux host OS
Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The ...
Red Hat extends open source technology into space
Red Hat and Voyager Technologies announced the successful deployment of Red Hat Enterprise Linux 10.1 and Red Hat Universal Base Image (UBI) to Voyager’s LEO...
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public.
Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases
Red Hat has announced the upcoming general availability of Red Hat Enterprise Linux 10.2 and 9.
ZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the abi...