Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Miasma Attack Targets Red Hat npm Packages with Worm

Miasma Attack Targets Red Hat npm Packages with Worm

Posted on June 1, 2026 By CWS

A recent cybersecurity threat, labeled as the Miasma attack, has compromised specific Red Hat npm packages. This campaign aims to steal sensitive credentials and distribute a self-replicating worm across developer environments.

Key Tactics of the Miasma Campaign

The Miasma attack mirrors previous Mini Shai-Hulud strategies by executing during installation, harvesting credentials, and targeting CI/CD systems. It utilizes encrypted exfiltration methods and can potentially propagate further down the supply chain, according to cybersecurity firm Socket.

The individuals orchestrating this attack remain anonymous. However, the open-sourcing of attack tools by the cybercrime group TeamPCP has made it difficult to pinpoint the responsible parties, as these tools are now accessible to various threat actors.

Affected Packages and Attack Mechanics

The compromised packages include @redhat-cloud-services/vulnerabilities-client and others. Security analyses from several firms revealed an obfuscated preinstall hook within these packages, designed to extract cloud credentials, SSH keys, and other confidential information.

The malware uses encrypted channels to transmit stolen data to an external server and employs GitHub as a backup for data transmission. It avoids activation on systems running in Russian, a tactic seen in previous campaigns.

Implications and Security Recommendations

This attack highlights a shift in focus towards cloud identity theft, with new data collectors added for GCP and Azure environments. The malware’s ability to create unique encrypted payloads for each infection complicates detection and version tracking.

Initial findings suggest the attack originated from a compromised Red Hat employee GitHub account. To mitigate the impact, experts advise isolating affected hosts, removing malicious package versions, and rotating compromised credentials.

Additionally, a thorough audit of environments for persistent elements and suspicious activities in GitHub or npm is crucial. Strong access controls and a review of deployed artifacts are recommended to ensure system integrity.

In conclusion, while uninstalling affected packages may seem like a solution, the persistence mechanisms employed by this malware require a more comprehensive approach to secure affected systems effectively.

The Hacker News Tags:CI/CD, cloud security, credential theft, Cybersecurity, developer security, Encryption, Exfiltration, GitHub, Malware, Miasma, NPM, Red Hat, software vulnerabilities, supply chain attack, Threat Actors

Post navigation

Previous Post: Critical IBM WebSphere Flaw Risks Remote Code Execution
Next Post: Critical WP Maps Pro Flaw Endangers WordPress Sites

Related Posts

You Didn’t Get Phished — You Onboarded the Attacker You Didn’t Get Phished — You Onboarded the Attacker The Hacker News
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices The Hacker News
Exploitation of PAN-OS Security Flaw Intensifies Exploitation of PAN-OS Security Flaw Intensifies The Hacker News
Critical Flaw in MCP Protocol Poses Major AI Supply Chain Risk Critical Flaw in MCP Protocol Poses Major AI Supply Chain Risk The Hacker News
Critical U-Boot Vulnerabilities Discovered in Firmware Security Critical U-Boot Vulnerabilities Discovered in Firmware Security The Hacker News
Join Webinar to Combat Rapid AI Cyber Threats Join Webinar to Combat Rapid AI Cyber Threats The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Critical Fortinet Vulnerabilities
  • New SharePoint Security Gap Exploited After Disclosure
  • CISA Highlights Exploited SharePoint Vulnerability
  • Coca-Cola Halts Fairlife Production Following Cyber Attack
  • 7-Zip Flaw Risks Remote Code Execution for Millions

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Critical Fortinet Vulnerabilities
  • New SharePoint Security Gap Exploited After Disclosure
  • CISA Highlights Exploited SharePoint Vulnerability
  • Coca-Cola Halts Fairlife Production Following Cyber Attack
  • 7-Zip Flaw Risks Remote Code Execution for Millions

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark