SlowMist: Red Hat cloud services npm packages hit by active supply chain attack, with stolen credentials found in over 300 GitHub repositories
SlowMist has issued a security alert after detecting an active npm supply chain attack targeting @redhat-cloud-services packages. Over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000, and stolen credentials have been found in more than 300 GitHub repositories. The attack method closely resembles the earlier "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is ongoing and that developers are still being infected.
Potential harms include theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions; conduct a comprehensive audit of CI/CD workflows and dependency installations; rotate all GitHub, npm, cloud service, SSH, and wallet-related keys; retain logs; rebuild exposed developer machines or runners from clean images; and remain highly vigilant.
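As a starting point for the dependency audit recommended above, the following added example (not code from SlowMist or Red Hat) inventories every @redhat-cloud-services package pinned in a package-lock.json, including transitive copies. The alert does not list affected versions, so the script only reports what is installed for comparison against the advisory; the package names and lockfile contents are constructed samples.

```javascript
const SCOPE = "@redhat-cloud-services/";
const NM = "node_modules/";

// Takes the text of a package-lock.json and returns every package under `scope`.
function findScopedPackages(lockText, scope = SCOPE) {
  const lock = JSON.parse(lockText);
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path,
  // so nested (transitive) copies appear as "node_modules/a/node_modules/b".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(NM);
    if (idx === -1) continue; // root project or workspace entry
    const name = path.slice(idx + NM.length);
    if (name.startsWith(scope)) {
      // hasInstallScript is recorded by npm in v2/v3 lockfiles
      hits.push({ name, version: meta.version, path, installScript: !!meta.hasInstallScript });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, no install-script flag.
  if (!lock.packages) {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${trail}${NM}${name}`;
        if (name.startsWith(scope)) hits.push({ name, version: meta.version, path, installScript: null });
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfiles; "example-a" and "example-b" are placeholder names.
const SAMPLE_V3 = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/example-a": { version: "1.2.3", hasInstallScript: true },
    "node_modules/left/node_modules/@redhat-cloud-services/example-b": { version: "0.9.0" },
    "node_modules/left": { version: "2.0.0" },
  },
});
const SAMPLE_V1 = JSON.stringify({
  lockfileVersion: 1,
  dependencies: { left: { version: "2.0.0", dependencies: { "@redhat-cloud-services/example-b": { version: "0.9.0" } } } },
});

for (const h of [...findScopedPackages(SAMPLE_V3), ...findScopedPackages(SAMPLE_V1)]) {
  console.log(`${h.name}@${h.version}  ${h.path}  installScript=${h.installScript}`);
}
```

Run it against the lockfile text of each repository and CI runner image, then compare the reported versions with the affected list in the advisory.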