Supply-Chain Attack Miasma: Red Hat npm Packages Infected with Worm

The Bottom Line: A supply-chain attack on Red Hat npm packages exploits install-time execution and credential harvesting to infiltrate developer and CI/CD systems with self-propagating malware.

A supply-chain attack dubbed Miasma has compromised npm packages from the Red Hat ecosystem and leverages installation-time execution for credential harvesting and malware distribution. The campaign shows structural similarities to previous Mini Shai-Hulud attacks but targets CI/CD environments specifically.

The attack targets @redhat-cloud-services packages in the npm registry, with malicious code executing at installation time. This vector choice has a significant impact on development teams, because npm dependencies are typically installed without sandbox isolation.

Miasma employs multiple attack tactics: install-time execution enables code execution during the package installation process, credential harvesting targets credentials stored on developer machines, and the attack explicitly targets CI/CD pipelines—a critical distribution point within DevOps environments. Exfiltrated data is transmitted encrypted, complicating network-based detection mechanisms.

Particularly problematic: the worm mechanism enables self-propagation within the organization once a system is compromised. This exponentially increases infection risk, especially in environments with automated dependency installation.

For CISOs, immediate action items emerge: audits of compromised npm dependencies are necessary, credential rotation for development-related secrets should be initiated, and CI/CD pipelines must be examined for suspicious activity. Long-term measures should prioritize software supply chain security (e.g., SBOM usage, provenance verification, package signing).
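As an added example that is not part of the article, the following Node.js triage helper supports the first action item above: it reads a package-lock.json (lockfile v2/v3 "packages" map) and the dependencies' package.json manifests, then lists every dependency in a watched scope (here "@redhat-cloud-services", as named in the article) and every dependency that declares an npm lifecycle script that runs at install time. The lockfile, manifests and package names below are constructed sample data, not real packages.

```javascript
// Added example (not from the article): lockfile and manifest triage for
// install-time lifecycle scripts. All sample data below is constructed.

// npm lifecycle hooks that execute during `npm install`.
const LIFECYCLE_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Return "name@version" for every dependency under `scope` in a parsed lockfile.
function findScopedDependencies(lock, scope) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    // Nested installs look like node_modules/a/node_modules/b; take the last segment.
    const name = entry.name || path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    if (name.startsWith(scope + '/')) hits.push(`${name}@${entry.version}`);
  }
  return hits.sort();
}

// Return the install-time lifecycle scripts a package.json declares, if any.
function installTimeScripts(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_SCRIPTS.filter((s) => typeof scripts[s] === 'string');
}

// Constructed sample lockfile: two packages in the watched scope, one outside it.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/@redhat-cloud-services/example-pkg-a': { version: '2.3.4' },
    'node_modules/@redhat-cloud-services/example-pkg-b': { version: '0.9.1' },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};

// Constructed sample manifests keyed by package name; only one runs code at install.
const SAMPLE_MANIFESTS = {
  '@redhat-cloud-services/example-pkg-a': { scripts: { postinstall: 'node setup.js', test: 'jest' } },
  '@redhat-cloud-services/example-pkg-b': { scripts: { build: 'tsc' } },
  'left-pad': {},
};

// Combine both checks into one report for the reviewer.
function triage(lock, manifests, scope) {
  const scoped = findScopedDependencies(lock, scope);
  const withScripts = Object.entries(manifests)
    .filter(([, m]) => installTimeScripts(m).length > 0)
    .map(([name, m]) => `${name}: ${installTimeScripts(m).join(', ')}`);
  return { scoped, withScripts };
}

console.log(triage(SAMPLE_LOCK, SAMPLE_MANIFESTS, '@redhat-cloud-services'));
```

Against a real checkout, read the lockfile with `JSON.parse(fs.readFileSync('package-lock.json'))` and each manifest from `node_modules/<name>/package.json`. Installing with `npm install --ignore-scripts` in CI stops the flagged lifecycle scripts from executing at all, at the cost of breaking packages that legitimately depend on them.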


Source: thehackernews.com · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.2.8.