Skills
Miasma Supply Chain Attack Compromises 32 Red Hat npm Packages — Cloud Credential-Stealing Worm Hits ~80K Weekly Downloads
On June 1, Wiz Research disclosed 'Miasma,' a supply chain attack that compromised 32 packages under the @redhat-cloud-services npm namespace using a stolen Red Hat employee GitHub account to push malicious orphan commits bypassing code review. The payload deploys a 4.2 MB obfuscated credential stealer targeting GCP and Azure cloud identities, and self-propagates as a worm.
Source
↳ Follow the thread