On Monday, Red Hat's npm repository suffered a supply chain attack in which attackers published 32 compromised packages carrying a credential-stealing worm. The attack likely involved automation, compromising the CI/CD pipeline through GitHub Actions OIDC. The malware harvested sensitive data from the build and developer environments it ran in, such as GitHub tokens and cloud credentials, and attempted to exfiltrate it to an attacker-controlled server.
Red Hat has released clean versions of the affected packages and urges users to update immediately and to rotate any credentials that may have been exposed; updating alone does not undo an exfiltration that already happened, so any token or key present in an environment that installed a compromised version should be treated as stolen. The incident highlights the risk carried by widely used open-source components.