Technology

Dozens of Red Hat packages backdoored through its official NPM channel

Source

Ars Technica

Published

Jun 1, 2026

TL;DR

AI Generated

Red Hat's official NPM accounts were compromised, leading to the distribution of a malicious worm that steals sensitive credentials across machines. The attack targeted the @redhat-cloud-services channel, a trusted source for Red Hat packages, affecting over 30 packages. The malware collects credentials during the npm install process and spreads by republishing infected packages to other accounts. Organizations are advised to consider systems that installed the affected packages as potentially compromised, as the payload executes during installation, not runtime use. The malware encrypts and sends credentials through web requests, with a fallback option to publish data to compromised GitHub repositories.

Read Full Article

The Download: Trump’s new AI order, and smart glasses for warfare

President Trump signed a new AI order focusing on innovation and security, introducing a voluntary review system for tech companies to share models with the government before release. Meanwhile, defense-tech company Anduril is developing smart glasses for warfare with Meta, envisioning drone strike orders via eye-tracking and voice commands. SpaceX plans to raise $75 billion in an IPO, Meta scales back worker tracking for AI training, and Microsoft launches a new AI assistant. Additionally, concerns arise about AI's impact on mathematics, surveillance, and cybersecurity.

MIT Technology Review•

8 hours ago

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

President Trump has signed an executive order requiring AI companies to provide the government with early access to their most advanced models for up to 30 days before public release. This voluntary framework includes a classified benchmark to determine which models qualify for review. The order tasks agencies like the NSA and CISA with creating the benchmark and selecting trusted partners for review. The directive also establishes an "AI cybersecurity clearinghouse" to coordinate vulnerability scanning and patch distribution. Critics raise concerns about potential government interference in deciding who gains early access to powerful AI models.

Tom's Hardware•

9 hours ago

MIT Technology Review

The Download: AI can run your admin department now

AI is increasingly taking on basic administrative tasks for small businesses, from organizing notes to invoicing and social media planning. Anthropic has confidentially filed for an IPO ahead of OpenAI, aiming to go public this fall. The EU may exclude US cloud giants like Amazon, Microsoft, and Google from critical contracts to reduce dependence on US tech. Florida has become the first state to sue OpenAI over alleged child safety risks related to ChatGPT. Hackers exploited Meta AI to steal Instagram accounts, highlighting the risks of offloading support to AI.

MIT Technology Review•

1 day ago

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

A critical vulnerability in Windows Server domain controllers (DC) has been identified, allowing unauthenticated users to potentially gain system privileges by sending a malformed UDP packet. The exploit, rated 9.8, affects versions 2012 to current and can lead to denial-of-service scenarios or unauthorized access. The vulnerability, CVE-2026-41089, impacts the Netlogon service and requires immediate patching to mitigate risks. Microsoft has confirmed exploitation in the wild and advises administrators to treat it as a serious threat, patching all linked DCs promptly to prevent network insecurity.

Tom's Hardware•

2 days ago

The Download: Trump’s new AI order, and smart glasses for warfare

MIT Technology Review•

8 hours ago

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

Tom's Hardware•

9 hours ago

MIT Technology Review

The Download: AI can run your admin department now

MIT Technology Review•

1 day ago

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

Tom's Hardware•

2 days ago

Dozens of Red Hat packages backdoored through its official NPM channel

TL;DR

Similar Articles

The Download: Trump’s new AI order, and smart glasses for warfare

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

The Download: AI can run your admin department now

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

We use cookies

Dozens of Red Hat packages backdoored through its official NPM channel

TL;DR

Similar Articles

The Download: Trump’s new AI order, and smart glasses for warfare

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

The Download: AI can run your admin department now

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild