Miasma: Supply Chain Compromise in RedHat npm Packages (Campaign)
ID: ebced86b-ecd6-5f6c-97bd-22e443c5a528
STIX ID: report--ebced86b-ecd6-5f6c-97bd-22e443c5a528
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-06-01
Date Updated: 2026-07-02
Author: [email protected] (Wiz Threat Research)
Wiz Research identified a supply-chain compromise on 1 June 2026 impacting at least 29 package releases in the @redhat-cloud-services npm namespace. Compromised releases included preinstall scripts that executed large, heavily obfuscated JavaScript payloads (eval/ROT decoding) derived from the open-source Mini Shai-Hulud malware; the variant—branded "Miasma: The Spreading Blight"—introduces new collectors for GCP and Azure identities, suggesting an increased focus on obtaining and abusing cloud credentials and access.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
