← signals
2026-06-02·GITHUB·supply chain disruption
meddown

A supply-chain attack compromised official Red Hat NPM accounts (@redhat-cloud-services) to push backdoored packages...

A supply-chain attack compromised official Red Hat NPM accounts (@redhat-cloud-services) to push backdoored packages that execute during npm install.

window 10devidence 17confidence score 100

confidence score

Strong evidence: 6 independent source classes support this read.

100
medium confidence6 independent source classesnewsothercommunitydeveloperpasses publish gate

signal brief

A supply-chain attack compromised official Red Hat NPM accounts (@redhat-cloud-services) to push backdoored packages that execute during npm install. The worm collects sensitive credentials, including GitHub action secrets, npm tokens, Kubernetes and Vault material, then spreads by republishing to other accounts. The attack is active as of June 1, 2026, and researchers at Aikido and Socket confirm the payload encrypts credentials and exfiltrates them via web requests or compromised GitHub repositories. This directly threatens GitHub users' CI/CD pipelines and secrets. Source: Ars Technica. Additionally, a separate Windows Server vulnerability (CVE-2026-41089) with a public GitHub PoC is being exploited in the wild, further highlighting security risks on the platform. Source: Tom's Hardware. These incidents undermine trust in GitHub's ecosystem for software development and AI infrastructure.

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.

score history

windowreturnoutcome
10dpending