A cybercrime group infiltrated Red Hat's private GitLab instance, stealing sensitive consulting reports and claiming access to customer infrastructure details. While Red Hat confirms the breach but downplays immediate product risks, the incident reignites critical questions about trust in open-source supply chains.