Overview
- An extortion outfit calling itself the Crimson Collective claims it stole about 570GB from Red Hat’s private GitHub repositories, citing access to roughly 28,000 projects and around 800 Customer Engagement Reports.
- The group has posted file trees, samples, and screenshots on Telegram as proof, with materials referencing organizations across banking, telecoms, airlines, healthcare, and government.
- Customer Engagement Reports typically contain architecture diagrams, configuration details, authentication tokens, and network maps that could enable targeted attacks on affected environments.
- Red Hat acknowledges a security incident tied to its consulting business and says remediation is underway, while declining to verify the attackers’ specific claims and asserting confidence in the integrity of other products.
- The attackers also allege they used exposed tokens to access some customer infrastructure; that claim remains unverified as investigations and impact assessments continue. Separately, scrutiny persists over a critical OpenShift AI flaw rated 9.9.