All news with #red hat tag

CIO100 & CSO30 ASEAN Awards Celebrate Tech Leadership

🏆 The CIO100 and CSO30 ASEAN and Hong Kong Awards Gala on November 12, 2025 validated the region's maturing technology leadership, drawing winners and teams from Singapore, Malaysia, Indonesia, Vietnam, Cambodia, Thailand, Hong Kong and the Philippines. With a record 243 nominations, the program highlighted artificial intelligence as the defining strategic imperative reshaping operations, innovation and security. Judges prioritized clear, measurable business impact, recognizing cybersecurity leaders and collaborative public–private initiatives. Headline sponsor was AWS.

ShinyHunters Launch Extortion Site Targeting Corporates

🔓 A cybercrime collective known as ShinyHunters has launched a public extortion blog threatening to publish data stolen from dozens of major companies if ransoms are not paid. The group claims to have harvested Salesforce customer records via a May voice-phishing campaign, and also says it exfiltrated terabytes of files from a Red Hat GitLab server and Discord user data tied to a third-party provider. Security firms and affected vendors including Salesforce, Red Hat and Discord are investigating, while Google and other investigators link the activity to several related UNC clusters and warn of additional token thefts tied to Salesloft. Victim shaming, published exploit scripts for an Oracle E-Business Suite zero-day, and malware-laced threats have amplified the incident’s severity.

ShinyHunters Joins Extortion Effort After Red Hat Breach

🔐 Red Hat is facing renewed extortion after a breach of its GitLab instance used by Red Hat Consulting was claimed to have exposed nearly 570GB of compressed data across thousands of repositories, including about 800 Customer Engagement Reports (CERs). The Crimson Collective initially claimed the theft and says it received no ransom response. The group announced a collaboration with Scattered Lapsus$ Hunters and has used the newly launched ShinyHunters leak site to press extortion demands, publishing CER samples and setting an October 10 deadline. Red Hat did not respond to inquiries.

Critical RBAC Flaw in Red Hat OpenShift AI Risks Clusters

⚠ Red Hat has patched a design flaw in OpenShift AI (CVE-2025-10725) with a CVSS score of 9.9 that can let an authenticated low-privilege user escalate to full cluster administrator and fully compromise clusters and hosted applications. The vulnerability stems from an overly permissive ClusterRole binding that grants broad permissions to system:authenticated. Red Hat advises removing the kueue-batch-user-role ClusterRoleBinding, tightening job-creation permissions to follow least privilege, and upgrading to fixed RHOAI images (2.19 and 2.21). Administrators should audit affected environments and apply the recommended fixes promptly.

Red Hat Confirms GitLab Breach Affecting Consulting

🔒 Red Hat confirmed a security incident after an extortion group calling itself the Crimson Collective claimed to have stolen nearly 570GB of compressed data from roughly 28,000 internal repositories in a GitLab instance used solely for consulting engagements. The group alleges the haul includes about 800 Customer Engagement Reports (CERs) that may contain infrastructure details, authentication tokens, and database URIs. Red Hat says it is remediating the issue, has not verified the attackers' specific claims, and believes its software supply chain and other services remain unaffected.

Red Hat Confirms Security Incident After GitHub Claims

🔒 An extortion group calling itself Crimson Collective claims to have exfiltrated nearly 570GB of compressed data from about 28,000 private GitHub repositories, including roughly 800 Customer Engagement Reports (CERs). Red Hat confirmed a security incident tied to its consulting business but would not validate the attackers’ specific claims, saying it has initiated remediation and sees no indication the issue affects its products or software supply chain. The group published directory listings and alleges finding authentication tokens and full database URIs that could be used to access downstream customer infrastructure.

OpenShift AI Privilege Escalation Flaw Exposes Clusters

🔒 Red Hat has disclosed a severe privilege escalation vulnerability in OpenShift AI (CVE-2025-10725) that can allow an authenticated, low-privileged user to escalate to full cluster administrator and fully compromise a deployment. The issue carries a CVSS score of 9.9 but is rated Important by Red Hat because exploitation requires an authenticated account. Affected releases include OpenShift AI 2.19, 2.21 and RHOAI. Administrators are advised to avoid broad ClusterRoleBindings such as binding kueue-batch-user-role to system:authenticated, and to grant job creation permissions only on a granular, need-to-know basis while applying vendor guidance.