Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
ID: 86cf14c4-6283-5b9e-8b52-117bcb3b50f6
STIX ID: report--86cf14c4-6283-5b9e-8b52-117bcb3b50f6
Feed Name: The Register (Security)
Microsoft warns of the active Miasma campaign that poisoned 20+ npm package releases via a compromised maintainer account to harvest developer workstations and CI secrets (AWS/Azure/GCP, GitHub tokens, Kubernetes/HashiCorp/1Password data, npm creds), scrape GitHub Actions runner memory, exfiltrate to attacker-controlled GitHub repositories, and republish packages to spread; the variant uses the Bun runtime and altered installation techniques. Organizations that installed affected versions should assume exposure, check dependency lockfiles, internal mirrors, build caches, container images and CI runners for malicious releases, and rotate secrets after removing lingering malicious artifacts.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
