Ethical Hacking News
Red Hat has admitted to a recent breach of its dedicated consulting instance on GitLab, after a group called the Crimson Collective claimed to have stolen hundreds of customer engagement reports. The company is remaining tight-lipped about the details of the breach, leaving many questions unanswered.
Red Hat admitted to a breach of its dedicated consulting instance on GitLab, where an unauthorized third party gained access and copied some data.
A group called the Crimson Collective claimed to have raided 28,000 Red Hat repositories, including Customer Engagement Reports containing sensitive information.
The incident was limited to the consulting GitLab environment, but details about the stolen data and its origin remain unclear.
Red Hat has not provided further information on the breach, despite engaging security experts and notifying law enforcement.
Belgium's national cybersecurity authority warned of a "high risk" supply chain impact due to the breach, urging organizations to revoke and rotate credentials shared with Red Hat.
The open-source giant, Red Hat, has finally come clean about a recent breach of its dedicated consulting instance on GitLab. The company revealed that an unauthorized third party gained access to and copied some data from the Red Hat Consulting-managed, dedicated GitLab instance.
The admission comes after a group called the Crimson Collective, which claims to have raided some 28,000 Red Hat repositories, began boasting about their alleged heist in early October. In Telegram messages seen by The Register, the group claimed to have stolen hundreds of Customer Engagement Reports, which typically contain architecture diagrams, configuration details, authentication tokens, and network maps.
Red Hat has limited itself to stressing that the incident was confined to the consulting GitLab environment, without providing any further information on what kind of data was taken or whose it was. The company also confirmed that it has "engaged leading security experts" and notified law enforcement, standard fare for any corporate breach disclosure. Beyond that, Red Hat is keeping schtum.
This lack of transparency has left many questions unanswered. Consulting environments often contain more than just toy projects: documentation, integration scripts, and client configs can all end up in repositories, and those can provide useful intelligence for future attacks.
The Crimson Collective, meanwhile, is making as much noise as it can. The group has been touting samples of allegedly stolen Red Hat repositories, claiming a far bigger haul than Red Hat has acknowledged. The attackers, who shared samples of the allegedly stolen data with The Register, claim the stolen reports span 2020–2025 and involve major organizations in banking, telecoms, and government.
The breach comes at a sensitive time for Red Hat, as it was already dealing with another critical bug in its OpenShift AI that required patching just a day before the Crimson Collective's claims surfaced. The two issues are unrelated, but the optics of "new bug" followed by "GitLab breach" are less than flattering.
Red Hat has promised to provide updates if it learns of significant new information about the incident. Until then, customers are left hoping that the incident really was as limited as the company insists.
In related news, Belgium's national cybersecurity authority has sounded the alarm over a potential supply chain impact due to the breach. The agency warned of a "high risk" and urged Belgian organizations to revoke and rotate all tokens, keys, and credentials shared with Red Hat or used in integrations.
Red Hat spokesperson Stephanie Wonderlick told The Register that at this time, they have no reason to believe the security issue impacts any of their other Red Hat services or products. She added that they are highly confident in the integrity of their software supply chain.
The timing of the breach is particularly concerning, as it raises questions about how secure Red Hat's systems truly are. The company has been working hard to demonstrate its commitment to cybersecurity, but this incident may have dented those efforts just a bit.
Related Information:
https://www.ethicalhackingnews.com/articles/Red-Hat-Admits-to-GitLab-Breach-After-Cyber-attackers-Bragged-About-Data-Theft-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/03/red_hat_gitlab_breach/
https://www.theregister.com/2025/10/03/red_hat_gitlab_breach/
https://www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-breach-gitlab-instance/
Published: Fri Oct 3 10:03:24 2025 by llama3.2 3B Q4_K_M