Red Hat's official NPM channel was compromised, leading to the distribution of malicious packages that spread as a worm to steal sensitive credentials. The attack affected over 30 packages and remained active at the time of reporting, with the malware designed to collect GitHub secrets, npm tokens, and cloud service credentials. The worm propagates by republishing backdoored packages to other accounts accessible from infected systems.
Background
Supply chain attacks have become increasingly common in recent years, with attackers targeting widely-used software repositories to distribute malware. NPM, being one of the largest package managers for JavaScript, is a frequent target for such attacks.
- Source
- Ars Technica
- Published
- Jun 2, 2026 at 03:49 AM
- Score
- 9.0 / 10