Red Hat Confirms Breach of Private GitHub Repositories

A cybercrime group known as the Crimson Collective has claimed responsibility for breaching Red Hat's private GitHub repositories. The group alleges it stole 570GB of data, including 28,000 internal projects and hundreds of sensitive Customer Engagement Reports (CERs). These CERs contain detailed infrastructure information and configurations for major clients across banking, telecom, and government sectors. Red Hat has confirmed a security incident related to its consulting business but has not verified the full extent of the attackers' claims. The company stated the breach does not impact its products or software supply chain, though the attackers claim to have accessed some client infrastructure.

Latest mentioned: 10-02

Earliest mentioned: 10-02

Sources

securityaffairs.com bleepingcomputer.com theregister.com

Also Read

XWorm V6.0 Malware Resurfaces with New Plugins

The notorious XWorm malware has resurfaced as version 6.0, despite being considered retired after its previous version was compromised. This new iteration is distributed through phishing emails and uses a multi-stage infection chain to inject itself into legitimate system processes. Its modular architecture allows attackers to deploy over 35 specialized plugins for activities ranging from data theft and remote control to ransomware deployment. XWorm V6.0 also introduces advanced persistence methods to survive system resets and fixes critical vulnerabilities found in its predecessor. A multi-layered, behavior-focused security posture is essential to defend against this evolving threat.

10-03Read more →