this post was submitted on 02 Jun 2026
11 points (86.7% liked)

Linux

13889 readers
348 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
11
Red Hat npm Packages Compromised to Spreаd a Credential-Stealing Worm (www.aikido.dev)
submitted 4 days ago by cm0002@libretechni.ca to c/linux@programming.dev
3 comments fedilink hide all child comments
top 3 comments
sorted by: hot top controversial new old
[–] vk6flab@lemmy.radio 2 points 4 days ago (1 children)

I can't decide if this is real or an advertisement for the linked article service. I don't see any CVE in the article which seems to be a good indication of the quality of the content.

I'm not saying that this is misinformation, but I'm extremely sceptical about the nature of this article.

[–] trevor@lemmy.blahaj.zone 5 points 4 days ago

It's both real and an ad, which is why is effective.

Here's a more technical breakdown from jfrog.

[–] Dunstabzugshaubitze@feddit.org 1 points 4 days ago

on first glance it seems like the affected packages are not something someone outside of redhat would use, so i guess the fallout of this will be more interesting than the infected packages themselfs.