critical

CVE

CVE-2026-27771, CVE-2026-47759, CVE-2026-47760, CVE-2026-47761, CVE-2026-47762, CVE-2026-48898, CVE-2026-48904, CVE-2026-44831, CVE-2026-44832, CVE-2026-44833

CWE

CWE-506, CWE-200, CWE-522, CWE-829, CWE-284, CWE-862, CWE-494, CWE-426, CWE-78, CWE-79

Affected Surface

@redhat-cloud-services npm packages, GitHub Actions trusted publishing workflows, Gitea and Forgejo private container registries, js-logger-pack and related npm logger packages, Sicoob.Sdk NuGet packages, npm dependency-confusion targets tied to oob.moika.tech, OpenSearch-themed npm typosquats, @velora-dex/sdk 9.4.1, Joomla CMS 4.x, 5.x, and 6.x, TinyMCE npm, NuGet, and Composer packages, Snipe-IT before 8.4.1, roberts/leads Packagist dev branch

Welcome to Corgea’s weekly briefing. The briefing covers the most important security findings and research from the week.

This edition covers research published from Tuesday, 26 May through Tuesday, 2 June 2026, excluding items already covered in the 26 May briefing.

Top Article

Miasma poisoned Red Hat Cloud Services npm packages through trusted publishing

The most important story this week is Red Hat’s RHSB-2026-006 supply-chain compromise. A compromised Red Hat GitHub account pushed unauthorized orphan commits into RedHatInsights repositories, added GitHub Actions workflows with id-token: write, and used npm trusted publishing to ship backdoored @redhat-cloud-services packages. Red Hat disclosed the incident and removed the malicious versions; Aikido, Wiz, Socket, and OX Security deserve credit for connecting the package list, Miasma payload behavior, and trusted-publishing abuse path.

This matters because it extends the Mini Shai-Hulud and TanStack trusted-publisher compromise lessons into another major vendor namespace. Valid-looking provenance only proves which workflow produced an artifact; it does not prove the workflow was legitimate. Teams that consume affected @redhat-cloud-services packages should treat installation as code execution, rebuild exposed workstations and runners, rotate GitHub, npm, cloud, Vault, Kubernetes, Docker, PyPI, SSH, and GPG credentials, and audit trusted-publishing repositories for workflows that can request OIDC tokens from unprotected branches.

More news

CVE-2026-27771 exposed private Gitea and Forgejo container images

NoScope disclosed CVE-2026-27771, and Gitea credited NoScope in the 1.26.2 release notes for the package-registry security fix. The flaw allowed unauthenticated users to pull private OCI manifests and blobs from affected self-hosted Gitea and Forgejo registries, turning private container images into leaked application artifacts.

The operational impact is bigger than “someone saw an image.” Private images often contain source code, lockfiles, internal hostnames, build history, package-manager credentials, private CA material, and secrets accidentally copied during Docker builds. This belongs next to supply-chain stories such as the GitHub/Nx breach and Laravel-Lang Composer tag rewrite: once the artifact boundary fails, source privacy and credential hygiene have to be revalidated.

js-logger-pack turns Hugging Face into a malware CDN and exfiltration backend

SafeDep first documented the malicious js-logger-pack npm package in April, while JFrog later extracted the current MicrosoftSystem64 second stage and showed how the operator used Hugging Face both to host platform-specific binaries and to store stolen victim data in private datasets. Cyber Security News reported that the campaign remained active in late May, with related logger packages participating in the distribution chain.

The important takeaway is persistence and operator control. The implant runs on Windows, macOS, and Linux, registers OS-level persistence, monitors clipboard and keystrokes, reads and writes files, deploys additional binaries, and uploads chosen folders. That makes it more severe than a one-shot package stealer like the OpenSearch-themed npm typosquats or the node-ipc DNS exfiltration incident: affected hosts should be rebuilt from trusted images and credentials rotated from clean systems.

Other news:

  • Sicoob.Sdk NuGet impersonator steals mTLS certificates through Sentry telemetry - Socket reported that malicious Sicoob.Sdk releases 2.0.0 through 2.0.4 impersonated a Brazilian banking SDK, then exfiltrated client IDs, PFX passwords, base64-encoded PFX certificate archives, and boleto responses through a hardcoded Sentry DSN. This is the .NET banking version of the source/package mismatch pattern seen in @velora-dex/sdk: the registry artifact, not just the linked source repository, has to be verified.
  • oob.moika.tech npm campaign used dependency confusion to profile developer environments - Microsoft and SafeDep tied at least 179 malicious npm package-version records to dependency-confusion lures that used internal-looking scopes, inflated versions, postinstall hooks, and detached payloads to inventory developer and CI environments. The campaign reinforces the same resolution-policy lesson as the TrapDoor multi-registry campaign: package installation is a privileged execution event.
  • 14 OpenSearch-themed npm typosquats stole AWS, Vault, GitHub, and npm secrets - Microsoft reported that the vpmdhaj account published 14 OpenSearch, ElasticSearch, DevOps, and config lookalikes that executed during npm install, loaded a Bun-based credential harvester, and targeted AWS, Vault, GitHub Actions, and npm tokens. The cloud-token target set makes this a possible stepping stone to legitimate-package compromise, much like Mini Shai-Hulud.
  • @velora-dex/sdk 9.4.1 loaded a macOS MINIRAT backdoor on import - Wiz connected the official Velora DEX SDK compromise to JINX-0164’s broader cryptocurrency-developer campaign, while StepSecurity and SafeDep documented the registry-only tarball changes. The payload executed on import rather than through an install hook, so npm install --ignore-scripts would not prevent execution once tests, scripts, or applications loaded the SDK.
  • Joomla 5.4.6 and 6.1.1 patch com_users privilege-escalation paths - Joomla published security advisories for CVE-2026-48898 and CVE-2026-48904, covering access-control failures in the com_users batch task and group-editing webservice endpoint. Patch priority should track administrator/API exposure and suspicious user or group mutations, similar to the account-authority risk in Snipe-IT’s API admin escalation.
  • TinyMCE CVE-2026-47759 through 47762 turn editor sanitization gaps into stored XSS - TinyMCE published four high-severity stored-XSS advisories affecting npm, NuGet, and Composer packages, with KKM Mako providing additional public analysis. CMSes, admin consoles, wikis, and SaaS products embedding TinyMCE should patch and then review stored content for suspicious data-mce-*, media-plugin, nested-SVG, and mce:protected payloads.
  • Snipe-IT 8.4.1 closes API admin escalation, component-note XSS, and open redirect flaws - Grokability’s GitHub advisories for Snipe-IT 8.4.1 cover CVE-2026-44832, where a user with users.edit could set permissions[admin]=1, plus component-note stored XSS and an open redirect. Self-hosted asset systems should review API logs for unauthorized permission changes before treating the patch as complete.
  • roberts/leads Packagist dev branch hid a Famous Chollima blockchain loader - Socket reported that the legitimate roberts/leads Packagist package exposed a poisoned dev-drewroberts/feature/test-case branch whose tailwind.js resolved payload material through TRON, Aptos, and BNB Smart Chain. The narrow dev-branch targeting is a reminder that social-engineered “please test this branch” requests can be package-install RCE, not just source review.