Storia in 8 fonti

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

Raccontata dailsoftware.itthehackernews.comarstechnica.combleepingcomputer.comtheregister.cominfoworld.comsecurityweek.comheise.de

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

thehackernews.comStai leggendo21 h fa

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Miasma compromised @redhat-cloud-services npm packages, harvesting credentials and persisting in development tools. The worm escalates privileges, steals cloud identities, and propagates via GitHub—threatening CI/CD integrity and supply chains.

originale

bleepingcomputer.com17 h fa

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma."

Leggi questa versione → originale

infoworld.com16 h fa

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential theft.

Leggi questa versione → originale

securityweek.com5 h fa

Supply Chain Attack Hits 32 Red Hat NPM Packages

32 Red Hat NPM packages compromised in 72-second attack; malware steals GitHub/npm tokens, cloud credentials impacting ~10M downloads. Supply chain attack escalation; immediate credential rotation and dependency audits critical for all JavaScript-using teams.

Leggi questa versione → originale

heise.de2 h fa

Red-Hat-Infostealer kommt auf mehr als 100.000 Downloads

Die Managed Cloud Services von Red Hat waren das Ziel einer Lieferkettenattacke. Dahinter steckt ein Klon des npm-Wurms Mini Shai‑Hulud.

Leggi questa versione → originale

theregister.com16 h fa

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

TeamPCP? Or copycat malware dev?

Leggi questa versione → originale

Timeline cronologica

1. lunedì 1 giugno 2026·ilsoftware.it
   

   Attacco a Red Hat: malware nascosto nei pacchetti npm, a rischio credenziali cloud

   Pacchetti Red Hat Cloud Services compromessi su npm: furto di segreti CI/CD, token cloud, worm e mitigazioni.

2. lunedì 1 giugno 2026·thehackernews.com
   

   Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

   Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

3. lunedì 1 giugno 2026·arstechnica.com
   

   Dozens of Red Hat packages backdoored through its official NPM channel

   Anyone who has downloaded affected Red Hat packages should investigate immediately.

4. lunedì 1 giugno 2026·arstechnica.com
   

   Dozens of Red Hat packages backdoored through its offical NPM channel

   Anyone who has downloaded affected Red Hat packages should investigate immediately.

5. lunedì 1 giugno 2026·bleepingcomputer.com
   

   Red Hat npm packages compromised to steal developer credentials

   More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud…

6. lunedì 1 giugno 2026·theregister.com
   

   Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

   TeamPCP? Or copycat malware dev?

7. martedì 2 giugno 2026·infoworld.com
   

   Infected Red Hat npm packages expose developer credentials

   Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through software publishing ecosystems for persistence and credential…

8. martedì 2 giugno 2026·securityweek.com
   

   Supply Chain Attack Hits 32 Red Hat NPM Packages

   Hackers published 96 malicious versions across 32 Red Hat NPM packages in a supply chain attack similar to Mini Shai-Hulud.

9. martedì 2 giugno 2026·heise.de
   

   Red-Hat-Infostealer kommt auf mehr als 100.000 Downloads

   Die Managed Cloud Services von Red Hat waren das Ziel einer Lieferkettenattacke. Dahinter steckt ein Klon des npm-Wurms Mini Shai‑Hulud.