logo

Dozens of Red Hat packages backdoored through its official NPM channel

ID: d96a80f7-c45b-5a50-8da9-27604b65cfaa

STIX ID: report--d96a80f7-c45b-5a50-8da9-27604b65cfaa

Feed Name: Ars Technica Security (category)

Threat Score
85/100

Date Published: 2026-06-01

Date Updated: 2026-06-03

Author: Dan Goodin

...
...

The report describes an active supply-chain malware campaign centered on a worm called Shai-Hulud, released publicly and used by the threat group TeamPCP to target CI/CD pipelines (notably GitHub Actions OIDC) and harvest CI/CD and cloud credentials; Red Hat removed malicious internal packages after detection, and organizations touching affected packages are advised to assume compromise of workstations, pipelines, and credentials.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.