Top 10 malicious / compromised packages – 2026-06-07

This weekly list covers the ten most significant malicious or compromised packages recently observed in public registries.

1. puppeteer-core (npm)

• Package: https://www.npmjs.com/package/puppeteer-core
• Severity: critical
• Affected versions: 25.1.0
• Downloads: 18014723
• First seen: 2 June 2026 at 13:38 UTC

Typosquatting attack. Similar to popular package: unknown. Behaviors: data exfiltration, code execution, obfuscated code.

2. @puppeteer/browsers (npm)

• Package: https://www.npmjs.com/package/@puppeteer/browsers
• Severity: critical
• Affected versions: 3.0.4
• Downloads: 17602708
• First seen: 2 June 2026 at 13:37 UTC

Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code.

3. @gusmano/reext (npm)

• Package: https://www.npmjs.com/package/@gusmano/reext
• Severity: critical
• Affected versions: 1.0.528
• Downloads: 33325
• First seen: 2 June 2026 at 23:07 UTC

Malicious package detected. Behaviors: data exfiltration, code execution, obfuscated code, install-time execution.

4. @redhat-cloud-services/types (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/types
• Severity: critical
• Affected versions: 3.6.1, 3.6.2, 3.6.4
• Downloads: 16063
• First seen: 1 June 2026 at 16:22 UTC

Compromised release of the legitimate @redhat-cloud-services/types npm package. Malicious versions 3.6.1, 3.6.2, 3.6.4 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

5. @redhat-cloud-services/frontend-components-utilities (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/frontend-components-utilities
• Severity: critical
• Affected versions: 7.4.1, 7.4.2, 7.4.4
• Downloads: 14166
• First seen: 1 June 2026 at 16:21 UTC

Compromised release of the legitimate @redhat-cloud-services/frontend-components-utilities npm package. Malicious versions 7.4.1, 7.4.2, 7.4.4 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

6. @redhat-cloud-services/frontend-components (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/frontend-components
• Severity: critical
• Affected versions: 7.7.2, 7.7.3, 7.7.5
• Downloads: 13721
• First seen: 1 June 2026 at 16:20 UTC

Compromised release of the legitimate @redhat-cloud-services/frontend-components npm package. Malicious versions 7.7.2, 7.7.3, 7.7.5 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

7. @redhat-cloud-services/rbac-client (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/rbac-client
• Severity: critical
• Affected versions: 9.0.3, 9.0.4, 9.0.6
• Downloads: 13551
• First seen: 1 June 2026 at 16:21 UTC

Compromised release of the legitimate @redhat-cloud-services/rbac-client npm package. Malicious versions 9.0.3, 9.0.4, 9.0.6 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

8. @redhat-cloud-services/javascript-clients-shared (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/javascript-clients-shared
• Severity: critical
• Affected versions: 2.0.8, 2.0.9, 2.0.11
• Downloads: 13006
• First seen: 1 June 2026 at 16:21 UTC

Compromised release of the legitimate @redhat-cloud-services/javascript-clients-shared npm package. Malicious versions 2.0.8, 2.0.9, 2.0.11 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

9. @redhat-cloud-services/frontend-components-config-utilities (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/frontend-components-config-utilities
• Severity: critical
• Affected versions: 4.11.2, 4.11.3, 4.11.5
• Downloads: 9393
• First seen: 1 June 2026 at 16:20 UTC

Compromised release of the legitimate @redhat-cloud-services/frontend-components-config-utilities npm package. Malicious versions 4.11.2, 4.11.3, 4.11.5 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

10. @redhat-cloud-services/frontend-components-notifications (npm)

• Package: https://www.npmjs.com/package/@redhat-cloud-services/frontend-components-notifications
• Severity: critical
• Affected versions: 6.9.2, 6.9.3, 6.9.5
• Downloads: 7841
• First seen: 1 June 2026 at 16:20 UTC

Compromised release of the legitimate @redhat-cloud-services/frontend-components-notifications npm package. Malicious versions 6.9.2, 6.9.3, 6.9.5 were published from Red Hat's compromised GitHub Actions OIDC pipeline and carry a preinstall credential-harvesting implant that steals cloud, CI/CD, npm/PyPI, SSH and GPG secrets — including live secrets read from the Runner.Worker /proc memory — and exfiltrates via GitHub dead-drop C2. Part of a coordinated supply-chain compromise of 32 packages in the @redhat-cloud-services scope.

References: [https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492](https://www.stepsecurity.io/blog/multiple-redhat-cloud-services-npm-packages-compromised | https://github.com/RedHatInsights/javascript-clients/issues/492)

Want help mitigating malicious packages before they reach your network?

ShieldedStack acts as a security proxy in front of npm, PyPI, NuGet, and Maven, helping teams detect and block malicious or risky packages before they reach developer machines or CI pipelines.

Learn more: https://shieldedstack.com