Red Hat Backdoor Hit 117K Devs 🔓 & Microsoft's Billion-User Token Leak
Two major security stories broke today that affect developers and everyday Microsoft users alike — here's what you need to know and what to do about it.
🔴 Hackers Hijacked Red Hat's npm Packages to Steal Cloud Credentials
A sophisticated attack quietly backdoored 32 software packages published under Red Hat's official developer account on npm — a repository used by millions of developers worldwide to download code libraries. The malicious packages, downloaded roughly 117,000 times per week, contained hidden code that automatically stole a wide range of secrets from any machine that installed them: Amazon Web Services keys, Google Cloud and Azure credentials, Kubernetes tokens, SSH keys, GitHub secrets, and more.
The attackers got in by compromising a Red Hat employee's GitHub account, then used that access to publish poisoned packages through an automated pipeline. So far, 309 GitHub repositories have been found compromised. If your team installed any affected @redhat-cloud-services npm package recently, you should treat all credentials on that machine as compromised and rotate them immediately.
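To find out whether a project pulls in anything from that scope, directly or transitively, you can inventory its lockfile. The sketch below is an added example, not code from Red Hat or from this article; it takes an already-parsed package-lock.json object, and the package names in the sample are constructed placeholders.

```javascript
// Added example: list every package from one npm scope pinned in a package-lock.json.
const SCOPE = "@redhat-cloud-services"; // scope named in the article

// v2/v3 keys look like "node_modules/a/node_modules/@scope/pkg"; the package
// name is whatever follows the last "node_modules/".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

function findScoped(lock, scope = SCOPE) {
  const prefix = scope + "/";
  const found = new Map(); // "name@version" -> { id, name, version, paths }
  const record = (name, version, path) => {
    if (!name || !name.startsWith(prefix)) return;
    const id = `${name}@${version}`;
    if (!found.has(id)) found.set(id, { id, name, version, paths: [] });
    found.get(id).paths.push(path);
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("name" is set for aliases).
    for (const [path, meta] of Object.entries(lock.packages)) {
      record(meta.name || nameFromPath(path), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, including transitive ones.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail ? `${trail} > ${name}` : name;
        record(name, meta.version, path);
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, "");
  }
  return [...found.values()].sort((a, b) => a.id.localeCompare(b.id));
}
// Constructed sample lockfile; the package names are placeholders, not real ones.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/placeholder-a": { version: "1.2.3" },
    "node_modules/dep/node_modules/@redhat-cloud-services/placeholder-a": { version: "1.2.3" },
    "node_modules/@redhat-cloud-services/placeholder-b": { version: "0.4.0" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};
console.log(JSON.stringify(findScoped(sampleLock), null, 2));
```

This article does not list the affected versions, so compare each reported name and version against the vendor's advisory before deciding which machines need credential rotation.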
📱 A Single Debug Flag Left Billions of Microsoft 365 Android Users Exposed
Researchers discovered that six Microsoft 365 Android apps — Word, Excel, PowerPoint, Copilot, Loop, and OneNote — contained a forgotten debug setting that allowed any other app on your phone to silently request and receive your Microsoft account access token. That token is essentially a master key to your email, files, calendar, and documents.
The scary part: an attacker only needed about 15 lines of code buried inside any widely installed app to pull this off. Stolen tokens could be refreshed over time, meaning access could persist long after the initial theft. Microsoft patched the vulnerability in May via Google Play, so make sure your Microsoft apps are fully updated. This is a reminder that even the most trusted apps can carry hidden risks, and of why keeping apps updated matters.
Stay ahead of threats like these with GOCO Security at gocosecurity.com.