The bottom line: An npm worm clone named Miasma targeted Red Hat Services in a supply chain attack.
Red Hat’s Managed Cloud Services were the target of a supply chain attack via an npm worm clone called Miasma, which is derived from the known Mini-Shai-Hulud worm. The attack underscores the persistent risk posed by compromised software packages in the supply chain.
Security researchers have documented a supply chain attack on Red Hat’s Managed Cloud Services carried out by a worm named Miasma. This malware is based on a variant of the well-known npm worm Mini-Shai-Hulud and leverages the npm registry as a distribution channel for malicious code.
The attack model follows the classic supply chain pattern: the worm infects one or more seemingly legitimate npm packages that are installed by development teams in Red Hat’s cloud environment. Once the code is executed, the worm can propagate itself to further systems and dependencies. The connection to the Mini-Shai-Hulud worm suggests that attackers are recycling and adapting already-known techniques to target new victims.
For CISOs, this incident underscores the critical need to centrally monitor and validate software dependencies — regardless of whether they are sourced from trusted vendors like Red Hat. Package sources such as npm require continuous security monitoring, and development processes should employ code signature verification and sandboxing techniques. NIS2 requirements for supply chain security (Article 10) are increasingly making such preventive controls mandatory for regulated operators.
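One way to put the dependency validation described above into a CI gate, as an added example that is not taken from the article or from Red Hat: a check over a `package-lock.json` (lockfileVersion 2 or 3) that flags entries without a SHA-512 integrity hash, entries resolved from outside the expected registry, and entries that run install scripts. The registry URL, the function name `auditLockfile` and the sample lockfile are assumptions constructed for illustration; the article does not say how Miasma executes, so install scripts are flagged here only as a general review point.

```javascript
// Added example: audit package-lock.json entries before anything is installed.
// Assumption: packages should come only from this registry (swap in an internal mirror).
const EXPECTED_REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, registry = EXPECTED_REGISTRY) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const name = path.replace(/^.*node_modules\//, ""); // handles nested and scoped names
    const id = `${name}@${entry.version}`;
    // Bundled entries carry no hash of their own and surface here as missing-integrity.
    if (!entry.integrity) {
      findings.push({ id, issue: "missing-integrity" });
    } else if (!entry.integrity.startsWith("sha512-")) {
      findings.push({ id, issue: "weak-integrity-hash" });
    }
    if (!entry.resolved || !entry.resolved.startsWith(registry)) {
      findings.push({ id, issue: "unexpected-source" });
    }
    if (entry.hasInstallScript) {
      findings.push({ id, issue: "install-script" }); // code runs at install time: review it
    }
  }
  return findings;
}

// Constructed sample lockfile (package names and hashes are placeholders, not real IoCs).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-ok": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/left-ok/-/left-ok-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/build-helper": {
      version: "0.3.1",
      resolved: "https://registry.npmjs.org/build-helper/-/build-helper-0.3.1.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
      hasInstallScript: true,
    },
    "node_modules/@scope/side-loaded": {
      version: "1.0.0",
      resolved: "git+ssh://git@example.invalid/side-loaded.git#0000000",
    },
  },
};

for (const f of auditLockfile(sampleLock)) console.log(`${f.issue}\t${f.id}`);
```

In a pipeline, pass the function the parsed contents of the repository's own `package-lock.json` and fail the job on any finding that is not on a reviewed allowlist.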
Source: www.heise.de · Published June 2, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.2.9.