Unknown attackers have compromised over 30 Red Hat Cloud Services npm packages. The malware targets credentials stored in developer build environments, aiming to steal sensitive information. These compromised packages were published across two distinct GitHub source repositories. This occurred on June 1, 2026, with timestamps between 10:53 and 10:53:33 UTC, and again from 13:44 to 13:46:47 UTC.
Unknown attackers have compromised over 30 Red Hat Cloud Services npm packages. The malware targets credentials stored in developer build environments, aiming to steal sensitive information.
These compromised packages were published across two distinct GitHub source repositories. This occurred on June 1, 2026, with timestamps between 10:53 and 10:53:33 UTC, and again from 13:44 to 13:46:47 UTC.
Wiz Security reported that a specific Red Hat employee's GitHub account was compromised. This account was then used to push malicious orphan commits, indicating a deeper breach.