Red Hat removes tainted packages after software pipeline compromise

Red Hat removed dozens of packages after attackers used a compromised GitHub account to distribute a credential‑stealing malware variant called Miasma (derived from the open‑sourced Mini Shai‑Hulud worm), affecting 32 packages with roughly 117,000 weekly downloads; the report links the activity to the criminal group TeamPCP and notes broader cascading supply‑chain intrusions and copycat activity following the worm's public release.