Slow Fog: Red Hat cloud service npm package suffers from active supply chain attacks, with stolen credentials found in over 300 GitHub repositories
By: rootdata|2026/06/02 15:42:57
0
Share
SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.
Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.
You may also like
Best AI Crypto Coins 2026: Top 7 Tokens Ranked by Data
Find the best AI crypto coins 2026 with data-driven picks: Bittensor, Render, and emerging projects. On-chain metrics, risks, and WEEX trading guide included.
How to Stake Solana: A Step-by-Step Guide for 2026
Find the best AI crypto coins 2026 with data-driven picks: Bittensor, Render, and emerging projects. On-chain metrics, risks, and WEEX trading guide included.
Exclusive Interview with Alpaca CEO: What is the background of the US stock underlying service provider behind Binance and Bitget?
Binance and Bitget's underlying service provider in the US stock market, Alpaca, has entered the unicorn club with its "AWS of Finance" model, currently holding 94% of the tokenized US stock market share and is accelerating the transformation of global on-chain financial infrastructure.
Variant: Three types of L1 assets are highly likely to become the main means of value storage
The basic judgment factors include: technical durability, resistance to censorship, scarcity, economic productivity, etc.
Does the performance on Perp DEX become an "invisible threshold" and "amplifier" for new coins to go live on CEX?
The liquidity migration of the new currency in 2026 from the perspective of open interest (OI) and asset labels.
Zhou Hang: How much is SpaceX really worth?
Great companies do not equal good stocks: A deep analysis of why SpaceX's $1.75 trillion IPO valuation may contain a $1.25 trillion bubble, and retail investors should avoid blindly chasing "story premiums."
IOSG: From Coinbase to Upbit: How a Token Completes a 28-Day Journey of Taking Over
The IOSG report indicates that by 2026, the listing of tokens on first-tier exchanges has formed a highly structured path where Coinbase and ByBit are responsible for initial discovery, Binance quickly verifies and confirms, and Korean exchanges provide liquidity at the end.
Morning Report | Strategy sold 32 BTC and over 800,000 shares of MSTR last week; Binance officially announced its U.S. stock trading portal; Polymarket reached an exclusive partnership with OneFootball
Overview of Important Market Events on June 1st
Guaranteed Price Now Live on WEEX: Execute with Greater Precision
To deliver a smoother futures trading experience, WEEX futures has launched a "Guaranteed Price" feature.
Morning News | Michael Saylor releases Bitcoin Tracker information; Aave releases post-attack investigation on Kelp rsETH bridge; Gravity Bridge announces service suspension after being attacked
Overview of Important Market Events on May 31
BIS's latest research: The future of stablecoins and the global monetary landscape
The report believes that stablecoins will strengthen the dominance of the US dollar in the short term, posing risks to the monetary sovereignty of emerging markets and developing economies, while the long-term trajectory will depend on their adoption models, regulatory responses, and the synergy of ...
Interview with macro master Raoul Pal: The AI competition is giving rise to an "economic singularity," don't easily give up your chips in the next four years
Compared to Nasdaq, Bitcoin is currently in a severely oversold position within its long-term trend.
Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times his investment in storage stocks? (Six) - The Trap of Homogeneous Products
In-depth analysis of the cyclical curse of storage stocks: The short-term windfall brought by AI is unsustainable, and rigid capacity will ultimately backfire on prices. Beware of the "low price-to-earnings ratio" wealth trap at the cyclical peak.
"Trapped in the cryptocurrency world: Don't let the anxiety of missing out force you onto the most dangerous last train."
When global assets reach new highs, cryptocurrency becomes the only uninvited guest.
The broken defense of Solana's guardians: In order to tear apart Hyperliquid, they actually picked up the script that Ethereum once criticized itself?
HYPE surge sparks a battle of giants. Solana's leader angrily criticizes Hyperliquid for being too centralized, while Arthur Hayes counters with a strong rebuttal, betting $100,000.
Why is Peter Thiel, behind Palantir, preparing an exit in Argentina?
Palantir, political risk, and the self-preservation of technological oligarchs.
The midlife crisis of Crypto GP: Without PMF, there is no next check from LP
After losing the vastness of the stars and the sea, most Crypto GPs that failed to earn excess returns in this cycle must pragmatically launch a product with PMF, either by proving their ability to help LPs earn excess returns through some niche market, or by solving specific problems for LPs/partne...
Fidelity Mid-Year Review: 6 Key Trends in Digital Assets for 2026
Setting aside short-term market fluctuations, the underlying logic of digital assets is changing. The accelerated integration of capital markets, the implementation of regulatory frameworks, and the continuous optimization of infrastructure constitute the core driving forces of current industry deve...
Best AI Crypto Coins 2026: Top 7 Tokens Ranked by Data
Find the best AI crypto coins 2026 with data-driven picks: Bittensor, Render, and emerging projects. On-chain metrics, risks, and WEEX trading guide included.
How to Stake Solana: A Step-by-Step Guide for 2026
Find the best AI crypto coins 2026 with data-driven picks: Bittensor, Render, and emerging projects. On-chain metrics, risks, and WEEX trading guide included.
Exclusive Interview with Alpaca CEO: What is the background of the US stock underlying service provider behind Binance and Bitget?
Binance and Bitget's underlying service provider in the US stock market, Alpaca, has entered the unicorn club with its "AWS of Finance" model, currently holding 94% of the tokenized US stock market share and is accelerating the transformation of global on-chain financial infrastructure.
Variant: Three types of L1 assets are highly likely to become the main means of value storage
The basic judgment factors include: technical durability, resistance to censorship, scarcity, economic productivity, etc.
Does the performance on Perp DEX become an "invisible threshold" and "amplifier" for new coins to go live on CEX?
The liquidity migration of the new currency in 2026 from the perspective of open interest (OI) and asset labels.
Zhou Hang: How much is SpaceX really worth?
Great companies do not equal good stocks: A deep analysis of why SpaceX's $1.75 trillion IPO valuation may contain a $1.25 trillion bubble, and retail investors should avoid blindly chasing "story premiums."
Popular coins
Latest Crypto News
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
