Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm
June 1, 2026
Multiple official packages from the @redhat-cloud-services scope on npm were compromised with a credential-stealing worm. In total, 96 versions across 32 packages have been compromised, cumulatively downloaded 116,991 times per week.