Supply Chain Attack Hits 32 Red Hat NPM Packages
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Red Hat NPM Packages appeared first on SecurityWeek.
AI Analysis (machine-generated threat intelligence)
Technical Summary
Hackers conducted a supply chain attack on Red Hat's packages on the npm registry, publishing 96 malicious versions across 32 packages within the Red Hat Hybrid Cloud Console JavaScript ecosystem. The malware, a variant of the Mini Shai-Hulud worm, was delivered via a preinstall hook that executed during npm install, before the packages were imported or used. It harvested a wide range of sensitive credentials, including GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault materials, SSH keys, and Git credentials. The attackers likely compromised the CI/CD pipeline and used GitHub Actions OIDC and @redhat-cloud-services npm scope credentials to publish the poisoned packages. The malware exfiltrated stolen data to attacker-controlled servers and, as a fallback, published the stolen information publicly via GitHub. Red Hat has removed the malicious package versions and released clean versions. The full infection scope is still being assessed, but at least 210 repositories with stolen credentials have been identified.
Potential Impact
The attack compromised the integrity of 32 widely used Red Hat NPM packages, potentially affecting millions of users and developers who downloaded these packages. The malware stole a broad range of sensitive credentials and tokens, risking further compromise of developer environments, cloud infrastructure, and source code repositories. At least 210 repositories have been identified with stolen credentials, indicating significant downstream impact. Users who installed the malicious packages may have had their build environments and systems compromised, requiring immediate remediation.
Mitigation Recommendations
Red Hat maintainers have removed the malicious package versions from npm and published clean releases. Users should update immediately to the clean versions of all affected packages. Anyone who installed a malicious version must assume their systems and build environments are compromised and should promptly rotate all credentials, tokens, API keys, and other sensitive material the malware may have accessed. Developers should also audit their transitive dependencies (including lockfiles) for affected packages and monitor their environments for unusual outbound network connections. No separate vendor advisory was published; the fix is confirmed by the removal of the malicious versions and the publication of clean releases.
Technical Details
- Article source: https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/ (fetched 2026-06-02T10:03:33.199Z, 1126 words)
Threat ID: 6a1eaa75e29bf47b50bc4cad
Added to database: 6/2/2026, 10:03:33 AM
Last enriched: 6/2/2026, 10:03:40 AM
Last updated: 6/3/2026, 5:08:13 AM