Вход на сайт

Просмотр новости

Найдите то, что Вас интересует

Several npm repositories compromised

Дата публикации: 01-06-2026 00:00:00



Основное содержимое страницы с новостью.

Headlines
2026-06-01 Several npm repositories compromised
redhat
Developers who use the npm repositories should check which repositories they are using and possibly change their security tokens (keys and passwords) after it was discovered over 30 packages have been compromised. Aikido Dev reports: "On June 1, 2026, we detected multiple official packages from the @redhat-cloud-services scope on npm were compromised with a credential-stealing worm. Over 30 packages seem to be affected. The malware appears similar to the Mini Shai-Hulud malware that was recently open-sourced by TeamPCP. Since the tooling was made publicly available, other threat actors now have access to the same techniques and can replicate or adapt them. The packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised rather than an npm token. If you have installed any affected package versions since June 1, 2026, treat all CI secrets, cloud credentials, SSH keys, and npm tokens as compromised and rotate them immediately."

According to the notice, it looks as though the compromised packages came from a Red Hat employee's account: "We found a Red Hat employee's GitHub account was compromised and used to push malicious orphan commits directly to several repositories, bypassing code review entirely."


More headlines from this project     Back to News
TUXEDO
TUXEDO Computers

TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!

Learn more about our full service package and all benefits from buying at TUXEDO.


Advertisement

Star Labs

Star Labs Systems | Laptops designed for Linux

Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.


Схожие новости

#Наименование новостиТональностьИнформативностьДата публикации
1Arch User Repository hit with more attacks0519-06-2026
2Arch Linux reports malicious incident in AUR repository0512-06-2026
3Хакеры взломали два аккаунта Facebook в Twitter0008-02-2020
4OpenMandriva on attempted distribution sabotage0508-07-2026
5Microsoft’s open source tools were hacked to steal passwords of AI developers-2608-06-2026
6Атакована недоисправленная уязвимость в Windows-2609-07-2026
7Государственные ресурсы Белоруссии подверглись DDoS-атаке0009-08-2020
8Хакеры атаковали несколько интернет-компаний с помощью уязвимостей реестра Роскомнадзора0014-03-2019
9 Malicious GitHub Repositories Could Trick AI Coding Agents Into Running Hidden Malware, Researchers Warn 0728-06-2026

Классификация: Происшествия. Схожих патентов: 0. Схожих новостей: 9. Тональность: 0. Информативность: 5. Источник: distrowatch.com.