Recent security breaches have seen numerous Red Hat npm packages compromised by a variant of the Mini Shai-Hulud worm, which has been downloaded over 80,000 times in just one week. Attackers have targeted sensitive information, including GitHub Actions secrets, npm tokens, and cloud credentials, affecting thousands of developers and projects. Security firms Wiz and Socket have identified 32 and 95 compromised packages, respectively, all published under the Red Hat Cloud Services namespace. Red Hat confirmed the attack but stated that the malicious code was limited to internal development and not available for customer consumption. The attackers, originally associated with the TeamPCP group, have modified their approach, introducing themes from Greek mythology while maintaining similar functionality. This variant also collects identities from Google Cloud Platform and Microsoft Azure, indicating a broader threat landscape. The ongoing investigation suggests that the number of infected packages could increase.