The Point: The Miasma malware family compromises npm packages and GitHub Actions as new supply chain attack vectors.
Researchers have documented a new wave of supply chain attacks by the Miasma malware family, which has compromised npm packages such as LeoPlatform and RStreams and abused GitHub Actions. The attacks demonstrate an expansion into the Go ecosystem.
Cybersecurity researchers have identified the latest variant of supply chain attacks attributable to the Miasma malware family. This belongs to the broader context of the malware families Mini Shai-Hulud and Hades. The current campaign specifically compromises npm packages and is expanding into the Go ecosystem.
The documented activity includes manipulated npm releases of the packages LeoPlatform and RStreams as well as abuse of GitHub Actions workflows. By compromising widely-used open source dependencies, attackers can potentially infect thousands of dependent projects and take control of their build processes.
For security professionals, this represents an increased threat to their own supply chain: any project that uses these npm packages directly or indirectly could be affected. Automation through GitHub Actions amplifies the risk, since manipulated workflows execute without manual intervention. An audit of the npm dependencies in use and a review of GitHub Actions configurations and their permissions are urgently recommended.
Source: thehackernews.com · Published June 26, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.7.1.