> TritonInfoSec News
Home / Jun 02, 2026 / Story
0
#3 The Hacker News general June 01, 2026 at 17:40 UTC

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

By [email protected] (The Hacker News)

AI Summary

A supply chain attack dubbed 'Miasma' compromised over 30 npm packages under Red Hat's official '@redhat-cloud-services' namespace, deploying a credential-stealing worm that harvests secrets from developer machines and targets CI/CD pipelines. The malware uses install-time execution, encrypted exfiltration, and self-propagation — tactics borrowed from the previously documented 'Mini Shai-Hulud' campaign. Developers who downloaded affected packages should audit their environments and rotate any exposed credentials immediately.

Read full article → https://thehackernews.com/2026/06/miasma-supply-ch…

Relevance score: 89.0/100

# More from June 02

  1. 1
    Critical Windows Netlogon RCE flaw now exploited in attacks BleepingComputer
  2. 2
    Recent Palo Alto Networks Vulnerability Exploited for Weeks SecurityWeek
  3. 4
    Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Krebs on Security
  4. 5
    Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices The Hacker News
  5. 6
    19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access SecurityWeek
  6. 7
    OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack The Hacker News
  7. 8
    Inspector general finds NIST mistakes have made vulnerability database ineffective The Record
  8. 9
    Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts The Hacker News
  9. 10
    Microsoft says it will not pursue security researchers after zero-day backlash The Record