top of page
perceptive_background_267k.jpg

Multiple redhat-cloud-services npm Packages compromised

Published:

1 June 2026 at 11:51:41

Alert date:

1 June 2026 at 12:01:50

Source:

stepsecurity.io

Click to open the original link from this advisory

Supply Chain & Dependencies, Cloud & Virtualization

Eight packages in the @redhat-cloud-services npm scope were compromised with malicious payloads that execute via preinstall hooks during npm install. The attack involves a sophisticated multi-stage credential harvester targeting GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm tokens, and CircleCI tokens. Multiple versions across RedHat Cloud Services frontend ecosystem packages are affected. This represents a significant supply chain compromise affecting enterprise cloud infrastructure credentials.

Technical details

Mitigation steps:

Affected products:

@redhat-cloud-services npm packages
RedHat Cloud Services

Related links:

https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page