Red Hat Cloud Services Hit by npm Supply Chain Attack, Over 300 Repositories Affected

A significant npm supply chain attack has been detected by SlowMist, targeting Red Hat cloud service packages. The attack has compromised over 31 packages, which collectively see around 116,000 downloads weekly, and has affected more than 300 GitHub repositories by stealing credentials. The attack mirrors previous Shai-Hulud npm attacks, employing techniques such as credential collection and malicious repository creation.

The ongoing threat, identified by the tag "Miasma: The Spreading Blight," continues to compromise users, with suspicious repositories still emerging. Attackers are reportedly stealing GitHub and npm tokens, as well as AWS, GCP, and Azure credentials, among other sensitive data. SlowMist advises users to remove or downgrade affected package versions, audit CI/CD pipelines, rotate keys and credentials, and rebuild compromised environments from clean images to mitigate the attack's impact.
