VMTech

Miasma: Red Hat npm packages compromised — credential theft and worm

Colleagues, a cyber‑security alert: the Miasma campaign has compromised Red Hat npm packages (@redhat-cloud-services) and is exfiltrating credentials.

Key points:
- Malicious preinstall hook harvests GitHub Actions secrets, npm tokens, cloud credentials, SSH and Git keys; data are encrypted and exfiltrated to external servers, with GitHub used as fallback.
- Mechanisms: execution on install, artifact signing via Sigstore, persistence attempts in VS Code and Anthropic Claude, and CI privilege escalation.
- Probable patient zero: compromised Red Hat account; activity detected since 29 May.

Why it matters: stolen credentials enable supply‑chain poisoning and cloud takeover.
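
One way to check a project for exposure to the install-time hook described above, as an added example that is not part of the original post: it walks an npm lockfile (v2/v3 `packages` map) and lists every entry in the `@redhat-cloud-services` scope, putting first those that npm marks with `hasInstallScript`. The sample lockfile and its package names are constructed for illustration, and a flagged entry is a candidate for review, not proof of compromise.

```javascript
// Added example: flag lockfile entries in the scope named in the alert
// that run install-time scripts (preinstall/install/postinstall).
const SCOPE = "@redhat-cloud-services/"; // scope taken from the alert

// Constructed sample in npm lockfile v2/v3 shape; package names and
// versions are invented for illustration, not known-bad indicators.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/example-a": {
      version: "0.0.1", hasInstallScript: true,
    },
    "node_modules/@redhat-cloud-services/example-b": { version: "0.0.2" },
    "node_modules/foo/node_modules/@redhat-cloud-services/example-c": {
      version: "0.0.3", hasInstallScript: true,
    },
    "node_modules/left-pad": { version: "1.3.0", hasInstallScript: true },
  },
};

// Returns [{ name, version, path, hasInstallScript }] for every entry in
// the scope, with script-running entries sorted first.
function auditLock(lock, scope = SCOPE) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Nested installs repeat "node_modules/"; the package name is the
    // part after the last occurrence.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace link
    const name = path.slice(idx + "node_modules/".length);
    if (!name.startsWith(scope)) continue;
    findings.push({
      name,
      version: meta.version,
      path,
      hasInstallScript: meta.hasInstallScript === true,
    });
  }
  return findings.sort((a, b) => b.hasInstallScript - a.hasInstallScript);
}

for (const f of auditLock(sampleLock)) {
  const tag = f.hasInstallScript ? "RUNS INSTALL SCRIPT" : "no install script";
  console.log(`${f.name}@${f.version} [${tag}] ${f.path}`);
}
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLock`. Installing with `npm ci --ignore-scripts` keeps lifecycle hooks from executing while the flagged entries are reviewed.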

What will you do to protect yourselves?

#cybersecurity #supplychain #npm #DevOps
