The article discusses a critical alert regarding an exploit detected in Oracle WebLogic Server (CVE-2024-21182) and highlights a recent supply chain compromise involving Red Hat's NPM packages. Adversaries managed to upload malicious packages built on the Mini Shai-Hulud worm architecture, targeting sensitive administrative credentials and facilitating lateral movement within development environments.
The breach was traced back to a compromised GitHub credential belonging to a Red Hat engineer, which allowed unauthorized access to the NPM publishing framework. Key weaknesses are identified in the NPM Trusted Publishing mechanism, which becomes a severe single point of failure once a developer's account is hijacked. The compromised assets include GitHub Actions orchestration keys, AWS tokens, Google Cloud credentials, and more.