Threat Intelligence Report

Multiple redhat-cloud-services npm Packages compromised

📅 June 3, 2026 📰 www.stepsecurity.io 🔍 0 CVE(s) referenced

A sophisticated supply-chain attack has compromised multiple @redhat-cloud-services npm packages, deploying a multi-stage credential-stealing worm via preinstall hooks that targets CI/CD secrets, developer machines, and cloud credentials, while autonomously propagating through npm accounts—even those protected by 2FA.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle