Red Hat hit by npm supply‑chain attack - here's how to stay safe
ID: 310b233e-186e-5fe3-80f0-5b2a8695850a
STIX ID: report--310b233e-186e-5fe3-80f0-5b2a8695850a
Feed Name: ZDNet Security
Attackers used a compromised GitHub/CI pipeline to inject obfuscated preinstall hooks into 32 packages (96 versions) in Red Hat's @redhat-cloud-services npm namespace. The hooks distribute a wormable credential-stealing payload (a Miasma/Mini Shai-Hulud variant) that exfiltrates GitHub, cloud, CI/CD, SSH, and secret-manager credentials and self-propagates by republishing infected packages. Red Hat removed the packages and reports no customer production impact, but organizations that pulled the affected versions should rotate secrets, audit activity, and rebuild contaminated environments.
