2026-06-02·GITHUB·supply chain disruption
med·down

A supply-chain attack compromised official Red Hat NPM accounts (@redhat-cloud-services) to push backdoored packages that execute during npm install.

window 10d·evidence 17

signal brief

A supply-chain attack compromised official Red Hat npm accounts (@redhat-cloud-services) to push backdoored packages that execute during npm install. The worm collects sensitive credentials, including GitHub Actions secrets, npm tokens, and Kubernetes and Vault material, then spreads by republishing to other accounts. The attack is active as of June 1, 2026, and researchers at Aikido and Socket confirm that the payload encrypts credentials and exfiltrates them via web requests or compromised GitHub repositories. This directly threatens GitHub users' CI/CD pipelines and secrets. Source: Ars Technica.

Additionally, a separate Windows Server vulnerability (CVE-2026-41089) with a public GitHub PoC is being exploited in the wild, further highlighting security risks on the platform. Source: Tom's Hardware.

These incidents undermine trust in GitHub's ecosystem for software development and AI infrastructure.
