EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Over 30 Red Hat npm packages compromised in supply chain attack stealing developer credentials

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-01 21:38 UTCUpdated 2026-06-02 12:13 UTC
rss
supply_chain_attackmalwarenpmcredential_theftincident_response
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (2)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.
2 top sources shown
Red Hat npm packages compromised to steal developer credentials
bleepingcomputer_all · News · bleepingcomputer.com · 2026-06-01 21:38 UTC
limited source diversity in top sources
View all evidence
Overview

A supply chain attack compromised more than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace, distributing a new variant of the Shai-Hulud malware called Miasma. This malware steals developer credentials, authentication tokens, and other secrets from developer environments.

Entities
Red HatShai-HuludMiasma
Score total
0.97
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
  • The infected packages were actively downloaded about 80,000 times weekly before removal.
  • This attack represents a new evolution of the Shai-Hulud malware family targeting npm supply chains.
  • Most infected packages have been removed, but developers must remain vigilant for similar supply chain threats.
Why it matters
  • Compromise of trusted npm packages risks widespread credential theft in developer environments.
  • Supply chain attacks on software ecosystems can propagate malware rapidly due to high download volumes.
  • Organizations relying on Red Hat Cloud Services packages must verify and remediate impacted dependencies promptly.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised to distribute a new variant of Shai-Hulud malware called Miasma that steals developer credentials.
How sources frame it
  • Bleepingcomputer_all: neutral
  • CSO Online: neutral
This incident underscores the persistent threat of supply chain attacks in open source ecosystems, emphasizing the need for continuous monitoring and rapid response to compromised packages.
All evidence
All evidence
Infected Red Hat npm packages expose developer credentials
CSO Online · csoonline.com · 2026-06-02 12:13 UTC
Red Hat npm packages compromised to steal developer credentials
bleepingcomputer_all · bleepingcomputer.com · 2026-06-01 21:38 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
  • CSO Online (1)
  • bleepingcomputer_all (1)
Top origin domains (this list)
  • csoonline.com (1)
  • bleepingcomputer.com (1)