Red Hat npm packages compromised to steal developer credentials
ID: e40dc03f-d129-51fa-91e7-d456c9c2f756
STIX ID: report--e40dc03f-d129-51fa-91e7-d456c9c2f756
Feed Name: Bleeping Computer
More than 30 npm packages in Red Hat's @redhat-cloud-services namespace were compromised and used to distribute a new Shai-Hulud variant named “Miasma.” The variant installs via a malicious preinstall script to harvest developer credentials, cloud secrets, SSH keys, CI/CD tokens, and other sensitive data. The attack reportedly used a compromised Red Hat employee GitHub account and OIDC-based publishing to push backdoored releases. It affected 32 packages (96 versions) with roughly 117,000 weekly downloads and contributed to a broader campaign that has impacted hundreds of repositories.
