Slow Fog: Red Hat cloud service npm package suffers from active supply chain attacks, with stolen credentials found in over 300 GitHub repositories
By: rootdata|2026/06/03 04:45:01
0
Share
SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.
Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.
You may also like
Morning Report | Strategy sold 32 BTC and over 800,000 shares of MSTR last week; Binance officially announced its U.S. stock trading portal; Polymarket reached an exclusive partnership with OneFootball
Overview of Important Market Events on June 1st
Zhou Hang: How much is SpaceX really worth?
Great companies do not equal good stocks: A deep analysis of why SpaceX's $1.75 trillion IPO valuation may contain a $1.25 trillion bubble, and retail investors should avoid blindly chasing "story premiums."
IOSG: From Coinbase to Upbit: How a Token Completes a 28-Day Journey of Taking Over
The IOSG report indicates that by 2026, the listing of tokens on first-tier exchanges has formed a highly structured path where Coinbase and ByBit are responsible for initial discovery, Binance quickly verifies and confirms, and Korean exchanges provide liquidity at the end.
Exclusive Interview with Alpaca CEO: What is the background of the US stock underlying service provider behind Binance and Bitget?
Binance and Bitget's underlying service provider in the US stock market, Alpaca, has entered the unicorn club with its "AWS of Finance" model, currently holding 94% of the tokenized US stock market share and is accelerating the transformation of global on-chain financial infrastructure.
Variant: Three types of L1 assets are highly likely to become the main means of value storage
The basic judgment factors include: technical durability, resistance to censorship, scarcity, economic productivity, etc.
Does the performance on Perp DEX become an "invisible threshold" and "amplifier" for new coins to go live on CEX?
The liquidity migration of the new currency in 2026 from the perspective of open interest (OI) and asset labels.
a16z Crypto's latest article: Why do we need to predict the market?
It turns people's judgments about the future into tradable probabilities. It has advantages in both predictive accuracy and coverage that traditional polls find hard to match, but whether it can realize its potential depends on whether it can solve the design challenges of transparency, insider info...
Strategy cashes out 2.5 million USD, but Bitcoin's market value dropped by 80 billion USD in one day
The market's reliance on this narrative of hoarding coins is more fragile than many people imagine.
Collective Change of Ownership for Crypto Exchanges? The Positioning Competition Among South Korean Financial Giants
Securities firms and banks work together to reposition the landscape of cryptocurrency in South Korea.
WEEXPERIENCE Trading Bootcamp in Poland: How WEEX & FireCrew Are Making Crypto Trading Accessible to Everyone
WEEX partnered with Firecrew in Poland on May 29th for the WEEXPERIENCE trading bootcamp. Read the recap of expert sessions on technical analysis, trading psychology, and AI tools that prove WEEX’s mission to make crypto trading accessible to everyone.
Paris Reigns Supreme: How PSG Crushed Arsenal’s Dream in a Historic UCL Final Thriller
PSG vs Arsenal, Drama, destiny, and a shattered 20-year curse. Relive the 2026 UCL Final where PSG defended their crown in a tense penalty shootout, as Ousmane Dembélé’s golden moment and one agonizing miss wrote history in Budapest.
Full text and analysis of the speech by the CEO of SanDisk at the 42nd Annual Strategic Decision Conference of Bernstein
The core value of Goeckeler's speech lies in its provision of a highly transparent and logically clear narrative framework for corporate transformation.
TaiJi completes $3.5 million strategic financing, with investments from Castrum Capital, Becker Ventures, and Coinvestor Ventures
The AI-driven Web3 on-chain market intelligence platform TaiJi announced the completion of a $3.5 million strategic financing, which will accelerate the construction of a new market AI simulation engine.
Bitcoin Stuck Near $73K? How Traders Are Finding Rewards in a Sideways June Market
Bitcoin is stuck near $73K as ETF flows cool and macro uncertainty keeps traders cautious. Here's how reward campaigns like WEEX Joker Party help traders stay active during a sideways June market.
What Is a Bitcoin ETF? A Simple Guide for 2026
Learn what a Bitcoin ETF is, how spot vs. futures ETFs work, and key pros and cons for traders. Read the full guide on WEEX.
Best AI Crypto Coins 2026: Top 7 Tokens Ranked by Data
Find the best AI crypto coins 2026 with data-driven picks: Bittensor, Render, and emerging projects. On-chain metrics, risks, and WEEX trading guide included.
How to Stake Solana: A Step-by-Step Guide for 2026
Find the best AI crypto coins 2026 with data-driven picks: Bittensor, Render, and emerging projects. On-chain metrics, risks, and WEEX trading guide included.
Guaranteed Price Now Live on WEEX: Execute with Greater Precision
To deliver a smoother futures trading experience, WEEX futures has launched a "Guaranteed Price" feature.
Morning Report | Strategy sold 32 BTC and over 800,000 shares of MSTR last week; Binance officially announced its U.S. stock trading portal; Polymarket reached an exclusive partnership with OneFootball
Overview of Important Market Events on June 1st
Zhou Hang: How much is SpaceX really worth?
Great companies do not equal good stocks: A deep analysis of why SpaceX's $1.75 trillion IPO valuation may contain a $1.25 trillion bubble, and retail investors should avoid blindly chasing "story premiums."
IOSG: From Coinbase to Upbit: How a Token Completes a 28-Day Journey of Taking Over
The IOSG report indicates that by 2026, the listing of tokens on first-tier exchanges has formed a highly structured path where Coinbase and ByBit are responsible for initial discovery, Binance quickly verifies and confirms, and Korean exchanges provide liquidity at the end.
Exclusive Interview with Alpaca CEO: What is the background of the US stock underlying service provider behind Binance and Bitget?
Binance and Bitget's underlying service provider in the US stock market, Alpaca, has entered the unicorn club with its "AWS of Finance" model, currently holding 94% of the tokenized US stock market share and is accelerating the transformation of global on-chain financial infrastructure.
Variant: Three types of L1 assets are highly likely to become the main means of value storage
The basic judgment factors include: technical durability, resistance to censorship, scarcity, economic productivity, etc.
Does the performance on Perp DEX become an "invisible threshold" and "amplifier" for new coins to go live on CEX?
The liquidity migration of the new currency in 2026 from the perspective of open interest (OI) and asset labels.
Popular coins
Latest Crypto News
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
