32 Red Hat NPM packages delivered credential‑stealing worm
72‑second push via likely GitHub Actions OIDC: 96 malicious builds across 32 Red Hat NPM packages carried a Mini Shai‑Hulud preinstall worm stealing CI/CD, npm and cloud/K8s creds. Assume compromise—rotate keys, update packages, harden Terraform/Terragrunt; GDPR/NIS2/PCI risk for Romania/EU multi‑cloud.
Jul 07, 2026