Miasma Returns: Leo Platform Compromise in npm
ID: 8cda2d93-e1fa-5ad3-a4fd-6aebf13453ce
STIX ID: report--8cda2d93-e1fa-5ad3-a4fd-6aebf13453ce
Feed Name: Security Boulevard
Sonatype reports a resurgence of the "Shai-Hulud Miasma" npm supply-chain campaign in which a compromised maintainer account published malicious package versions (≈23) that abuse binding.gyp/node-gyp to execute during installation, enabling credential theft, persistence, and propagation through trusted publishing workflows; organizations should treat developer workstations, CI/CD runners, and build containers as potentially compromised, remove malicious versions, investigate install-time execution, and rotate credentials only after removing persistence.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
