TI Mindmap HUB
Threat Intelligence Report

Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm

๐Ÿ“… June 3, 2026 ๐Ÿ“ฐ www.aikido.dev ๐Ÿ” 0 CVE(s) referenced

A sophisticated credential-stealing worm, leveraging open-sourced supply chain malware, has compromised dozens of official @redhat-cloud-services npm packages by infiltrating GitHub Actions workflows, putting all CI secrets, cloud credentials, and developer tokens at risk and requiring immediate rotation.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle