Hackers targeted Red Hat's NPM repository Monday, publishing malicious versions of 32 packages in just 72 seconds, a pace that was almost certainly automated. The poisoned packages span Red Hat's entire Hybrid Cloud Console JavaScript ecosystem, with nearly 10 million downloads combined.
The malware, linked to a worm called "Mini Shai-Hulud" from hacking group TeamPCP, harvests GitHub secrets, cloud credentials, SSH keys, Kubernetes material, and more — then exfiltrates everything to attacker-controlled servers. At least 210 repositories containing stolen credentials have already been identified.
Red Hat has published clean versions of all 32 packages. Anyone who installed a compromised version should treat their environment as breached and rotate all credentials immediately.
Source: SecurityWeek