Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open source software supply chain.
Red Hat develops enterprise Linux and related software, making its security advisories, patches, and vulnerabilities relevant to systems that rely on them.
Search across headline titles and summaries.
Background for this topic.
Red Hat is the publisher and maintainer of enterprise open-source platforms, chiefly Red Hat Enterprise Linux (RHEL), Red Hat OpenShift for containerized applications, and Red Hat Satellite for system management. RHEL commonly provides SELinux, a mandatory access-control system that restricts processes according to policy, while Red Hat’s signed packages, security errata, and defined support lifecycles help organizations maintain controlled software baselines.
Security teams track Red Hat security advisories and apply the relevant updates across RHEL hosts, virtual machines, and images; delayed patching can leave known flaws exploitable, while version and support status affect remediation options. Satellite can centralize repository and patch governance, but it must itself be secured. OpenShift adds Kubernetes-specific exposure: overly broad role permissions, exposed management interfaces, insecure container images, and misconfigured secrets can expand an application’s attack surface. SELinux and platform defaults reduce risk only when policies, access controls, image sources, and audit data are reviewed and maintained.
Weekly headline count for the current query.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open source software supply chain.
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization. The post Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign appeared first on Microsoft Security Blog.
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
TeamPCP? Or copycat malware dev?
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]
Top brass splash cash on acoustic targeting, hypersonic missiles…and Red Hat Keir Starmer could ramp up the UK's defense spending plans faster than planned as the MoD reeled off new purchases for Britain's armed forces.…
Automaker's third security snafu in three years Thousands of Nissan customers are learning that some of their personal data was leaked after unauthorized access to a Red Hat-managed server, according to the Japanese automaker.…
Nissan has revealed that over 20,000 customers have had personal information compromised in a third-party data breach
Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September. [...]
Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective.
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. [...]
28,000 Customers, Including Banks and US Government Agencies, Appear to Be AffectedCommercial Linux distribution producer Red Hat has issued a security alert warning that attackers stole customer data from its consulting arm's GitLab instance. The hacking group, Crimson Collective, claims to have stolen one terabyte of data pertaining to 28,000 customers.
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched What started as cyber crew bragging has now been confirmed by Red Hat: someone gained access to its consulting GitLab system and walked away with data.…
A threat actor claimed 28,000 private repositories had been compromised, and the Linux software maker said it had "initiated necessary remediation steps."
570GB of data claimed to be stolen by the Crimson Collective A hacking crew claims to have broken into Red Hat's private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers. …
An extortion group calling itself the Crimson Collective claims to have breached Red Hat's private GitLab repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. [...]