Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
ID: a33a9e86-4ec7-5f4f-9883-d9d1cd24d3e9
STIX ID: report--a33a9e86-4ec7-5f4f-9883-d9d1cd24d3e9
Feed Name: The Register (Security)
A supply-chain infection used compromised Red Hat npm package releases to deliver a Mini Shai-Hulud–style worm via npm preinstall hooks; the malware actively steals GitHub Actions secrets, npm tokens, cloud credentials (GCP and Azure), SSH and Git credentials, and includes encrypted exfiltration and propagation mechanisms. Researchers observed the infected packages being downloaded at scale (~80,000 downloads per week), declared the threat live, and reported the packages were removed while investigations continue.
