Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers hit Red Hat's NPM, injecting malware in 32 packages. Users must update and secure credentials as 10M downloads are compromised.

By Content Team

Jun 2, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Hackers targeted Red Hat's NPM repository Monday, publishing malicious versions of 32 packages in just 72 seconds — almost certainly automated. The poisoned packages span Red Hat's entire Hybrid Cloud Console JavaScript ecosystem, with nearly 10 million collective downloads combined.

The malware, linked to a worm called "Mini Shai-Hulud" from hacking group TeamPCP, harvests GitHub secrets, cloud credentials, SSH keys, Kubernetes material, and more — then exfiltrates everything to attacker-controlled servers. At least 210 repositories containing stolen credentials have already been identified.

Red Hat has published clean versions of all 32 packages. Anyone who installed a compromised version should treat their environment as breached and rotate all credentials immediately.

Source: SecurityWeek

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Adobe Patches Zero-Day Vulnerability Exploited for Months

Apr 14, 2026

Python Repositories Hit by Sophisticated Malware Campaign Using Stolen VS Code Credentials

Mar 17, 2026

Notepad++ Update System Hijacked in Months-Long Supply Chain Attack

Feb 7, 2026

AI-Assisted Scan Uncovers 9-Year-Old Linux Vulnerability Affecting Every Modern Build

May 1, 2026