Miasma Malware Compromises 32 Red Hat npm Packages via Hijacked GitHub Account in Supply Chain Attack

The Miasma malware compromised 32 Red Hat npm packages via a hijacked GitHub account, enabling a supply chain attack targeting cloud tokens, CI/CD secrets, and developer credentials. The attack exposed sensitive data by embedding malicious code within the packages, though no specific dates or CVE IDs were disclosed. The incident highlights risks in open-source dependency chains, particularly through GitHub and npm repositories. Red Hat packages were directly impacted, with the malware designed to exfiltrate critical authentication details. No further technical specifics about the malware’s mechanisms or affected versions were provided. The attack underscores vulnerabilities in software supply chain security.