logo

Miasma: Supply Chain Compromise in RedHat npm Packages (Campaign)

ID: ebced86b-ecd6-5f6c-97bd-22e443c5a528

STIX ID: report--ebced86b-ecd6-5f6c-97bd-22e443c5a528

Feed Name: Wiz Cloud Threat Landscape

Threat Score
85/100

Date Published: 2026-06-01

Date Updated: 2026-07-02

Author: [email protected] (Wiz Threat Research)

...
...

Wiz Research identified a supply-chain compromise on 1 June 2026 impacting at least 29 package releases in the @redhat-cloud-services npm namespace. Compromised releases included preinstall scripts that executed large, heavily obfuscated JavaScript payloads (eval/ROT decoding) derived from the open-source Mini Shai-Hulud malware; the variant—branded "Miasma: The Spreading Blight"—introduces new collectors for GCP and Azure identities, suggesting an increased focus on obtaining and abusing cloud credentials and access.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.