// #red-hat
2 articles
Miasma / Shai Hulud Supply Chain Campaign: 100+ npm and PyPI Packages Compromised Including Red Hat Namespace
Security researchers have attributed a coordinated software supply chain attack to a threat cluster tracked as Miasma (also Shai Hulud), which compromised over 100 packages across npm and PyPI by stealing publisher credentials and injecting malicious code. The campaign reached the official Red Hat npm namespace, exposing organisations that rely on internal package mirror strategies as a security control.
Red Hat Enterprise Linux LPE at Pwn2Own: What the Results Mean for Enterprise Linux Patch Strategy
Red Hat Enterprise Linux was successfully exploited twice at Pwn2Own Berlin 2026 via local privilege escalation vulnerabilities. For enterprise security teams running RHEL, and the broader family of RHEL-derived distributions including CentOS Stream, Rocky Linux, and AlmaLinux, the results inform how Linux patching SLAs should be evaluated against the demonstrated threat model.