Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 25, 2026, the maintainer of jqwik, a Java property-based testing library, released version 1.10.0 to Maven Central with a hidden instruction intended for AI coding agents. The payload told agents to disregard previous instructions and delete all jqwik tests and code. It was hidden from humans with ANSI terminal codes but left fully readable to any tool that captures raw output.

On June 1, 2026, researchers identified malicious code embedded in at least 32 package releases published under the @redhat-cloud-services npm namespace, a set of frontend components and API clients that power the Red Hat Hybrid Cloud Console. The compromised releases carry a preinstall script that runs an obfuscated payload the moment a package is installed, harvesting developer and cloud credentials and attempting to spread itself to other packages the victim can publish.