Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Miasma Attack Targets Red Hat npm Packages with Worm

Miasma Attack Targets Red Hat npm Packages with Worm

Posted on June 1, 2026 By CWS

A recent cybersecurity threat, labeled as the Miasma attack, has compromised specific Red Hat npm packages. This campaign aims to steal sensitive credentials and distribute a self-replicating worm across developer environments.

Key Tactics of the Miasma Campaign

The Miasma attack mirrors previous Mini Shai-Hulud strategies by executing during installation, harvesting credentials, and targeting CI/CD systems. It utilizes encrypted exfiltration methods and can potentially propagate further down the supply chain, according to cybersecurity firm Socket.

The individuals orchestrating this attack remain anonymous. However, the open-sourcing of attack tools by the cybercrime group TeamPCP has made it difficult to pinpoint the responsible parties, as these tools are now accessible to various threat actors.

Affected Packages and Attack Mechanics

The compromised packages include @redhat-cloud-services/vulnerabilities-client and others. Security analyses from several firms revealed an obfuscated preinstall hook within these packages, designed to extract cloud credentials, SSH keys, and other confidential information.

The malware uses encrypted channels to transmit stolen data to an external server and employs GitHub as a backup for data transmission. It avoids activation on systems running in Russian, a tactic seen in previous campaigns.

Implications and Security Recommendations

This attack highlights a shift in focus towards cloud identity theft, with new data collectors added for GCP and Azure environments. The malware’s ability to create unique encrypted payloads for each infection complicates detection and version tracking.

Initial findings suggest the attack originated from a compromised Red Hat employee GitHub account. To mitigate the impact, experts advise isolating affected hosts, removing malicious package versions, and rotating compromised credentials.

Additionally, a thorough audit of environments for persistent elements and suspicious activities in GitHub or npm is crucial. Strong access controls and a review of deployed artifacts are recommended to ensure system integrity.

In conclusion, while uninstalling affected packages may seem like a solution, the persistence mechanisms employed by this malware require a more comprehensive approach to secure affected systems effectively.

The Hacker News Tags:CI/CD, cloud security, credential theft, Cybersecurity, developer security, Encryption, Exfiltration, GitHub, Malware, Miasma, NPM, Red Hat, software vulnerabilities, supply chain attack, Threat Actors

Post navigation

Previous Post: Critical IBM WebSphere Flaw Risks Remote Code Execution
Next Post: Critical WP Maps Pro Flaw Endangers WordPress Sites

Related Posts

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers The Hacker News
Boost Cybersecurity with AI-Powered Risk Management Boost Cybersecurity with AI-Powered Risk Management The Hacker News
Warning on Malicious KICS Docker Images and Extensions Warning on Malicious KICS Docker Images and Extensions The Hacker News
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year The Hacker News
Meta Shuts Down 150K Accounts in Global Anti-Scam Effort Meta Shuts Down 150K Accounts in Global Anti-Scam Effort The Hacker News
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Risk Ledger Secures $32M in Series B Funding
  • CISA Alerts on Critical Fortinet Vulnerabilities
  • New SharePoint Security Gap Exploited After Disclosure
  • CISA Highlights Exploited SharePoint Vulnerability
  • Coca-Cola Halts Fairlife Production Following Cyber Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Risk Ledger Secures $32M in Series B Funding
  • CISA Alerts on Critical Fortinet Vulnerabilities
  • New SharePoint Security Gap Exploited After Disclosure
  • CISA Highlights Exploited SharePoint Vulnerability
  • Coca-Cola Halts Fairlife Production Following Cyber Attack

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark