Slow Fog: Red Hat cloud service npm package suffers from active supply chain attacks, with stolen credentials found in over 300 GitHub repositories
By: rootdata|2026/06/03 04:45:01
0
Share
SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.
Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.
You may also like
Citibank releases "2030 Asset Tokenization Market Outlook": 6 major trends may create a $8.2 trillion market
The tokenization of financial assets is moving from pilot projects to large-scale implementation, but this is a gradual evolution rather than a fierce revolution.
The trillion-dollar valuation test: Are the three major super IPOs a celebration for tech stocks or a nightmare for the crypto market?
Tech giants like SpaceX and OpenAI have sparked a $35 trillion super IPO wave. The "suction effect" is not enough to crash the stock and crypto markets, but the test of high valuations is just beginning.
Morning Report | Digital Asset completes $355 million financing led by a16z Crypto; Meta completes operational separation from Manus
Overview of Important Market Events on June 11
a16z Crypto Partner: Cash flow is the moat
Most companies spend years creating network effects on traditional infrastructure. Crypto founders inherit them as starting conditions.
Cryptocurrency market makers collectively seek change as it becomes increasingly difficult to make money
There is more and more to do.
How TradeXYZ, xStocks, and Alpaca break down the SpaceX IPO into three different strategies
The value of tokenized products ultimately depends on whether the underlying structure is sound, rather than just the price displayed on the interface.
$75 billion in risk asset redistribution: How will SpaceX's IPO affect U.S. stocks and Bitcoin?
The SpaceX IPO is short-term "capital competition" for the cryptocurrency market, while in the medium to long term, it leans towards "narrative endorsement" for Bitcoin.
Why Is BlackRock Investing $5 Billion in the SpaceX IPO?
What is driving the massive demand for the SpaceX IPO, and why did BlackRock place a $5 billion order? Learn how the historic listing could impact SpaceX stock, Bitcoin, SPCX, and crypto markets.
Morning News | CME Group launches Nasdaq Cryptocurrency Index futures; Asset management giant Janus Henderson strategically invests in Ethena
Overview of Important Market Events on June 10
Bitcoin Layer 2 Network Botanix: Why Did We Choose to Dissolve?
The Bitcoin L2 star project Botanix announced a gradual shutdown, with the team admitting to facing severe challenges from the failure of its business model and the prevailing trends. Users are urged to withdraw all assets before July 9, 2026.
Why did Oracle deliver the strongest financial report in history, yet its stock price fell?
Oracle's revenue for fiscal year 2026 set a record, with AI cloud orders soaring to $638 billion, but massive capital expenditures on computing power led to negative free cash flow, causing a 5% drop in after-hours stock prices.
When the P2P illicit funds from ten years ago turned into 60,000 bitcoins
The largest Bitcoin money laundering case in the UK has new developments: 16,000 Chinese victims are pursuing 61,000 seized Bitcoins across borders, and the dispute over the applicability of UK and Chinese laws will directly determine whether the victims can share in the soaring profits.
Dialogue with OmenX Founder: Why does the prediction market need an evolution from "spot" to "derivatives"?
How to reconstruct the prediction market using leverage?
Galaxy in-depth report: Is Solana still worth paying attention to?
Solana did not fall behind during the bear market. Trading enthusiasm has waned, but the network is more stable, RWA and stablecoins are expanding, and the capital foundation is much thicker than in the previous cycle. The real question is: when the speculative tide recedes, can perpetuals, predicti...
Young people in South Korea make a "final effort" in the epic bull market
The South Koreans' average of two accounts for wildly gambling in the chip bull market reflects the survival anxiety and harsh reality of countless young people trying to break through class barriers behind the nationwide stock trading frenzy for wealth.
The pricing controversy of Trade.xyz exposes the fatal weakness of Pre-IPO perpetual contracts
SpaceX's equity update has sparked controversy over on-chain liquidations. Trade.xyz refuses to reset the SPCX pricing, and the lack of a Rebase mechanism in Perp DEX has led to a significant trust test for on-chain Pre-IPO assets.
How much longer can Ethereum's last big buyer hold on?
According to Bitmine's current buying pace, the 5% target is expected to be reached next month, and at that time, there may be no further increases in holdings. So, who will fill the buying gap for Ethereum?
World Cup 2026 Coming – WEEX Celebrates with $1M Prize Pool & Michael Owen Live
The 2026 FIFA World Cup is hours away. WEEX unveils the “World Cup x Dice Rush” campaign with a 1,000,000 USDT prize pool. Plus, Michael Owen reunites with WEEX COO for an exclusive pre-match livestream. Join now!
Citibank releases "2030 Asset Tokenization Market Outlook": 6 major trends may create a $8.2 trillion market
The tokenization of financial assets is moving from pilot projects to large-scale implementation, but this is a gradual evolution rather than a fierce revolution.
The trillion-dollar valuation test: Are the three major super IPOs a celebration for tech stocks or a nightmare for the crypto market?
Tech giants like SpaceX and OpenAI have sparked a $35 trillion super IPO wave. The "suction effect" is not enough to crash the stock and crypto markets, but the test of high valuations is just beginning.
Morning Report | Digital Asset completes $355 million financing led by a16z Crypto; Meta completes operational separation from Manus
Overview of Important Market Events on June 11
a16z Crypto Partner: Cash flow is the moat
Most companies spend years creating network effects on traditional infrastructure. Crypto founders inherit them as starting conditions.
Cryptocurrency market makers collectively seek change as it becomes increasingly difficult to make money
There is more and more to do.
How TradeXYZ, xStocks, and Alpaca break down the SpaceX IPO into three different strategies
The value of tokenized products ultimately depends on whether the underlying structure is sound, rather than just the price displayed on the interface.
Popular coins
Latest Crypto News
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
