Slow Fog: Red Hat cloud service npm package suffers from active supply chain attacks, with stolen credentials found in over 300 GitHub repositories
By: rootdata|2026/06/03 04:45:01
0
Share
SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.
Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.
You may also like
Who is leading the price discovery in the cryptocurrency market? Measured delays on platforms like Binance and Hyperliquid
There is a saying circulating on crypto Twitter: Hyperliquid has replaced Binance and become the center of crypto price discovery. Arrakis conducted a cross-platform test using the tick-by-tick transaction data from 29 perpetual markets, and the truth lies within milliseconds.
Privacy coin trust crisis! ZEC plummets over 56% in a single day
The recent increase in ZEC is nearly 3 times, and the vulnerability news may have just provided an opportunity to exit.
What Is SpaceX IPO and Why Is Everyone Talking About It?
What is SpaceX IPO? Learn why investors are watching SpaceX's potential $1.77 trillion public debut, from Starlink and AI to Mars ambitions, valuation risks, and pre-IPO trading opportunities.
Macroeconomic Analysis of the African Payment Market Landscape
Why mobile payments and cryptocurrencies thrive in the absence of banks
Morning News | Bitmine issues preferred shares to raise $300 million; Polymarket accuses Kalshi of industrial espionage
Overview of Important Market Events on June 4th
Morning Report | Coinbase Ventures makes its first investment in ENA; SpaceX plans to set the IPO price at $135 per share
Overview of Important Market Events on June 3rd
Full text and analysis of the speech by the CEO of SanDisk at the 42nd Annual Strategic Decision Conference of Bernstein
The core value of Goeckeler's speech lies in its provision of a highly transparent and logically clear narrative framework for corporate transformation.
Bitcoin Price Prediction 2030: Ark Invest Forecasts $710K
Explore Ark Invest and Standard Chartered bitcoin price prediction 2030 forecasts, plus key risks and how to position your portfolio. Full analysis on WEEX.
WEEX Review 2026: Fees, Security and Trading Features
Read our in-depth WEEX review covering fees, security, copy trading, and 400x leverage. See how it compares to Binance and Bybit. Full analysis on WEEX.
SOL Price Today: Live Solana Price, Charts & Market Data
Find the SOL price today with real-time data, plus key drivers behind Solana's movement and actionable trading tips. Read the full analysis on WEEX.
What Is a Bitcoin ETF: Spot vs Futures Explained
Learn what a Bitcoin ETF is, how spot vs. futures ETFs work, and why institutional inflows are reshaping BTC in 2026. WEEX analysis.
Why Is Bitcoin Dropping 15% While Nasdaq Hits Record Highs?
Bitcoin plunges 15% to $66K amid geopolitical tension fears while Nasdaq soars to all-time highs. Analysis of macroeconomic drivers, ETF flows, retail vs. whale behavior, and the hidden correlation between crypto and stocks.
Morning Report | Robinhood completes acquisition of WonderFi for $180 million; Anthropic submits IPO draft application to SEC confidentially; Google plans to raise $80 billion in financing
Overview of Important Market Events on June 2nd
WSJ: Hyperliquid is becoming Wall Street's crypto "convenience store"
Hyperliquid has become a 24/7 trading venue, with more and more traditional and cryptocurrency traders flocking to the platform to bet on almost all assets.
Why do I still have confidence in ETH?
As stablecoins and RWAs accelerate on-chain, Ethereum's role as a global value settlement layer has only just begun, and the market will eventually reprice ETH.
CRCL surges and plummets, COIN follows with a dive: The real battle for interests behind the CLARITY Act
The leak of the CLARITY bill draft has triggered a plunge in Circle and Coinbase, directly hitting the core provision of the stablecoin "ban on interest," revealing the deep political and economic game in Washington's strict prevention of stablecoins evolving into on-chain savings accounts and the c...
Tokenized US stocks are not the "liquidity killer" of the crypto market
"As garbage coins are gradually eliminated, the protocols, infrastructure, and financial products that can truly create value have the opportunity to obtain a more reasonable valuation."
What Is TradFi and Why Is Everyone Talking About It in 2026?
Gold is rallying, SpaceX is heading for a historic IPO, and oil remains highly volatile. Discover why TradFi is back in focus and how crypto traders can access these opportunities with USDT. Put another way, TradFi Is Having Its Biggest Moment Ever, and Crypto Traders Are Perfectly Positioned
Who is leading the price discovery in the cryptocurrency market? Measured delays on platforms like Binance and Hyperliquid
There is a saying circulating on crypto Twitter: Hyperliquid has replaced Binance and become the center of crypto price discovery. Arrakis conducted a cross-platform test using the tick-by-tick transaction data from 29 perpetual markets, and the truth lies within milliseconds.
Privacy coin trust crisis! ZEC plummets over 56% in a single day
The recent increase in ZEC is nearly 3 times, and the vulnerability news may have just provided an opportunity to exit.
What Is SpaceX IPO and Why Is Everyone Talking About It?
What is SpaceX IPO? Learn why investors are watching SpaceX's potential $1.77 trillion public debut, from Starlink and AI to Mars ambitions, valuation risks, and pre-IPO trading opportunities.
Macroeconomic Analysis of the African Payment Market Landscape
Why mobile payments and cryptocurrencies thrive in the absence of banks
Morning News | Bitmine issues preferred shares to raise $300 million; Polymarket accuses Kalshi of industrial espionage
Overview of Important Market Events on June 4th
Morning Report | Coinbase Ventures makes its first investment in ENA; SpaceX plans to set the IPO price at $135 per share
Overview of Important Market Events on June 3rd
Popular coins
Latest Crypto News
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
