Red Hat's official npm accounts were compromised, which led to a malicious worm, named Shai-Hulud, affecting over 30 packages. The worm collects sensitive credentials during the npm install process and spreads by republishing backdoored packages. Investigations suggest the breach stemmed from compromised credentials, possibly from a previous supply-chain attack. Organizations that installed the affected packages in the last 36 hours are advised to consider their systems potentially compromised.
The malware specifically targets CI/CD systems and can publish stolen credentials to compromised GitHub repositories. Immediate action is recommended for affected entities to assess and mitigate the damage.
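As a starting point for that assessment, the following added example (not code from the advisory or from any vendor) checks a parsed package-lock.json for entries that appear on an affected-package list or that run scripts during npm install. The package names, versions and lockfile content are constructed placeholders, since this summary does not list the affected packages, and the function names are hypothetical.

```javascript
// Added example. Names and versions below are placeholders, not real
// indicators; replace AFFECTED with the name@version pairs from the advisory.
const AFFECTED = new Set([
  '@example-scope/placeholder-a@1.2.3',
  'placeholder-b@4.5.6',
]);

// Constructed package-lock.json content (lockfileVersion 3) for the demo.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/placeholder-b': { version: '4.5.6', hasInstallScript: true },
    'node_modules/left-ok': { version: '2.0.0' },
    'node_modules/native-addon': { version: '3.1.0', hasInstallScript: true },
    'node_modules/left-ok/node_modules/@example-scope/placeholder-a': { version: '1.2.3' },
  },
};

// Lockfile keys are install paths; the name follows the last "node_modules/".
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Returns entries that are on the advisory list or that run code at install
// time (hasInstallScript marks preinstall/install/postinstall scripts).
function auditLockfile(lock, affected) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const id = `${meta.name || nameFromPath(path)}@${meta.version}`;
    const listed = affected.has(id);
    const runsScripts = meta.hasInstallScript === true;
    if (listed || runsScripts) findings.push({ id, path, listed, runsScripts });
  }
  // Advisory matches first, then alphabetical by id for stable output.
  return findings.sort((a, b) =>
    (Number(b.listed) - Number(a.listed)) || (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
}

console.log(auditLockfile(sampleLock, AFFECTED));
```

Entries with `listed: true` match the advisory list, including transitive dependencies nested under other packages; `runsScripts` alone only shows where install-time code executes and is not by itself a sign of compromise.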