Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages

Monday, June 1, 2026 at 12:00 AM UTC·Source: Snyk

Updated: Monday, June 1, 2026 at 10:01 PM UTC

Executive Summary

A supply chain worm dubbed Miasma has been found in dozens of @redhat-cloud-services npm releases. The malicious preinstall hook steals credentials, probes cloud identities, and can republish other packages.

Analysis

Source Attribution

Originally published by Snyk on Jun 1, 2026.

Related Threats

MEDIUMSupply Chain

The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) appeared first on Unit 42 .

1h agoUnit 42 (Palo Alto)

HIGHSupply Chain

Infected Red Hat npm packages expose developer credentials

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supply chain attack compromising over 30 Red Hat Cloud Services-related npm packages to steal credentials, authentication tokens, and other secrets from developer environments. The campai

7h agoCSO Online

MEDIUMSupply Chain

Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets

Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets

9h agoInfosecurity Magazine