Red Hat Consulting exposure assessment and credential rotation advisory
Advisory/Mitigation
Summary
Hide ▲
Show ▼
The Centre for Cybersecurity Belgium (CCB) urged organizations using Red Hat Consulting to rotate shared tokens, keys, and credentials after a consulting-related repository incident raised exposure risk. The advisory warned that related customer engagement reports (CERs) may contain network information, configuration data, and authentication material. It also told organizations to contact third-party IT providers to assess whether they worked with Red Hat Consulting and determine potential exposure.
Related Happenings
Red Hat hit by network compromise
Incident
First: 02.10.2025 09:15
Last: 02.10.2025 09:15
Sources 1
How related:
Red Hat has confirmed a security incident that impacted its GitLab instance after a threat actor claimed to have breached tens of thousands of the Linux software-maker's private repositories.
About this happening:
**Red Hat** is dealing with a **consulting GitLab breach** that was disclosed on **October 2** and later tied to **extortion** by **Crimson Collective**. The group claimed it stol...
Red Hat hit by network compromise
IncidentHow related: Red Hat has confirmed a security incident that impacted its GitLab instance after a threat actor claimed to have breached tens of thousands of the Linux software-maker's private repositories.
About this happening: **Red Hat** is dealing with a **consulting GitLab breach** that was disclosed on **October 2** and later tied to **extortion** by **Crimson Collective**. The group claimed it stol...
Latest development: 23.12.2025 12:15
Nissan said a third-party breach at Red Hat exposed information for 21,000 customers after Red Hat notified Nissan on October 3. The leaked data included names, addresses, phone numbers, partial email addresses and other customer-related information used for sales activities, but not card details. Nissan also said some customer information for Nissan Fukuoka Sales Co. was included and that it informed the Personal Information Protection Commission and began contacting affected customers.
Red Hat consulting data leak claim
Data Leak
First: 02.10.2025 09:15
Last: 02.10.2025 09:15
Sources 1
How related:
an anonymous individual associated with a cybercrime group called "Crimson Collective" claimed that 28,000 of Red Hat's private repositories had been breached.
About this happening:
**Red Hat** confirmed a **security incident** affecting a **GitLab instance** used for **Red Hat Consulting** after **Crimson Collective** claimed access to **28,000 private repos...
Red Hat consulting data leak claim
Data LeakHow related: an anonymous individual associated with a cybercrime group called "Crimson Collective" claimed that 28,000 of Red Hat's private repositories had been breached.
About this happening: **Red Hat** confirmed a **security incident** affecting a **GitLab instance** used for **Red Hat Consulting** after **Crimson Collective** claimed access to **28,000 private repos...
Latest development: 07.10.2025 00:08
ShinyHunters posted samples of stolen Red Hat Customer Engagement Reports (CERs) on a new data leak site and warned that additional data would be publicly leaked on October 10th unless a ransom demand was negotiated. The leaked CER samples included reports for Walmart, HSBC, Bank of Canada, Atos Group, American Express, Department of Defence, and Société Française du Radiotéléphone.
Salesloft Drift third-party API key revocation guidance
Advisory/Mitigation
First: 08.09.2025 18:26
Last: 08.09.2025 18:26
Sources 1
About this happening:
Salesloft issued **proactive revocation guidance** for **third-party applications integrated with Drift via API key**, reducing the risk of continued unauthorized access after the...
Salesloft Drift third-party API key revocation guidance
Advisory/MitigationAbout this happening: Salesloft issued **proactive revocation guidance** for **third-party applications integrated with Drift via API key**, reducing the risk of continued unauthorized access after the...
Timeline
-
02.10.2025 03:00 1 articles · 7mo ago
Crimson Collective claims Red Hat GitLab breach
Initial DisclosureCrimson Collective claimed that 28,000 Red Hat private repositories were breached and said the stolen material included customer engagement reports, while Red Hat confirmed a security incident affecting a GitLab instance used solely for Red Hat Consulting and said it had initiated remediation steps.
Show sources
- Red Hat Investigates Widespread Breach of Private GitLab Repositories — www.darkreading.com — 02.10.2025 18:46
-
02.10.2025 03:00 2 articles · 7mo ago
CCB urges Red Hat Consulting credential rotation
Mitigation Patch UpdateThe Centre for Cybersecurity Belgium (CCB) warned that customer engagement reports tied to Red Hat Consulting may contain network information, configuration data, and authentication tokens and keys, and urged organizations to rotate all tokens, keys, and credentials shared with Red Hat or used in Red Hat integrations while contacting third-party IT providers to assess exposure.
Show sources
- Red Hat Investigates Widespread Breach of Private GitLab Repositories — www.darkreading.com — 02.10.2025 18:46
- Red Hat Investigates Widespread Breach of Private GitLab Repositories — www.darkreading.com — 02.10.2025 18:46