Miasma: Red Hat npm packages compromised — credential theft and worm

Colleagues, a cyber‑security alert: the Miasma campaign has compromised Red Hat npm packages (@redhat-cloud-services) and is exfiltrating credentials.
Key points:
- A malicious preinstall hook harvests GitHub Actions secrets, npm tokens, cloud credentials, SSH and Git keys; the data are encrypted and exfiltrated to external servers, with GitHub used as a fallback.
- Mechanisms: execution on install, artifact signing via Sigstore, persistence attempts in VS Code and Anthropic Claude, and CI privilege escalation.
- Probable patient zero: a compromised Red Hat account; activity detected since 29 May.
Why it matters: stolen credentials enable supply‑chain poisoning and cloud takeover.
What will you do to protect yourselves?
#cybersecurity #supplychain #npm #DevOps
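
One defensive check for the install-time execution described above, as an added example that is not part of the original post: it audits a parsed package-lock.json for packages that npm marks with hasInstallScript and puts those in the @redhat-cloud-services scope first. It assumes a lockfileVersion 2 or 3 file; the sample lockfile, package names and versions are constructed placeholders.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3)
// for packages that run install-time lifecycle scripts.
const WATCHED_SCOPE = "@redhat-cloud-services"; // scope named in the alert

// Turn a lockfile key such as "node_modules/a/node_modules/@s/b" into "@s/b".
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return one finding per package that npm marks with hasInstallScript.
function auditLockfile(lock) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  }
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "" || !meta.hasInstallScript) continue; // "" is the root project
    const name = packageNameFromPath(path);
    findings.push({
      name,
      version: meta.version,
      path,
      watchedScope: name.startsWith(WATCHED_SCOPE + "/"),
    });
  }
  // Watched-scope hits first, then alphabetical, so review order is stable.
  return findings.sort((a, b) =>
    (b.watchedScope - a.watchedScope) || a.name.localeCompare(b.name));
}

// Constructed sample lockfile; package names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@redhat-cloud-services/example-pkg": { version: "0.0.0", hasInstallScript: true },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/native-addon": { version: "4.0.1", hasInstallScript: true },
    "node_modules/native-addon/node_modules/@redhat-cloud-services/other-pkg": { version: "0.0.1" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.watchedScope ? "REVIEW" : "note  "} ${f.name}@${f.version} (${f.path})`);
}
```

Installing with npm ci --ignore-scripts keeps preinstall, install and postinstall hooks from running while the flagged packages are reviewed.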