Miasma Worm Compromises Red Hat npm Packages

// 2h agoSECURITY INCIDENT

Miasma Worm Compromises Red Hat npm Packages

More than 30 official npm packages under Red Hat's @redhat-cloud-services scope have been compromised in a supply chain attack that bypassed SLSA provenance checks using GitHub Actions OIDC tokens. The malicious packages execute the 'Miasma' credential-stealing worm via obfuscated preinstall scripts to harvest cloud environment credentials, developer environment tokens, and CI/CD secrets.

// ANALYSIS

This compromise represents a major escalation in supply chain attacks by successfully abusing GitHub Actions OIDC tokens to bypass trust frameworks, obtaining legitimate SLSA provenance attestations for malicious packages. It demonstrates that cryptographically signed artifact verification is only as secure as the identity and access management controls guarding the deployment workflows.

* Attackers exploited a compromised developer GitHub account to inject malicious preinstall hooks into package releases.

* The malware bypassed traditional signature-based detection through valid SLSA provenance attestations and heavy obfuscation.

* Targeted exfiltration specifically focused on developer infrastructure keys (Kubernetes secrets, HashiCorp Vault tokens, NPM/GitHub API keys) and cloud platform identities (Azure, GCP).

* Organizations utilizing @redhat-cloud-services packages must assume complete compromise of credentials present in those environments, requiring immediate system-wide rotation and script execution policies like `--ignore-scripts`.

// TAGS

npmred-hatsecuritysupply-chainmalwaremiasmacredential-theftgithub-actions

DISCOVERED

2h ago

2026-06-01

PUBLISHED

4h ago

2026-06-01

RELEVANCE

9/ 10

AUTHOR

kurmiashish

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

MODEL26m ago

Tencent releases Hunyuan 3 Preview, a 295-billion parameter open-source Mixture-of-Experts model.

Tencent has open-sourced Hunyuan 3 Preview, a massive 295-billion parameter Mixture-of-Experts (MoE) model with an expansive 256K token context window. This model is built on an overhauled training infrastructure and introduces a hybrid fast and slow thinking approach, optimizing its performance for complex reasoning, instruction following, and advanced software engineering use cases.

UPDATE1h ago

DigitalOcean adds DeepSeek-V4-Flash to Serverless Inference

DigitalOcean has expanded its Serverless Inference platform by adding DeepSeek-V4-Flash, providing zero-infrastructure access to this 1M-token context Mixture of Experts (MoE) model. The integration features a unified OpenAI-compatible API and predictable usage-based pricing to easily scale high-throughput, agent-based workloads.

SECURITY1h ago

A supply chain attack dubbed Miasma has compromised over 30 official Red Hat npm packages with credential-stealing malware.

A highly sophisticated supply chain attack hijacked a Red Hat developer account to inject the Miasma malware into more than 30 official npm packages under the @redhat-cloud-services scope. During installation, these backdoored packages silently harvest sensitive information, including cloud logins, CI/CD secrets, and Kubernetes tokens, presenting a severe threat to organizations using these services.