More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack distributing credential-stealing malware. The attack deployed a new variant of the Shai-Hulud malware, dubbed "Miasma," targeting developer credentials.
Security researchers discovered the compromise affecting Red Hat's npm package ecosystem, exposing developers who depend on the '@redhat-cloud-services' namespace to malicious code injection.
The attack was a supply-chain compromise, a common vector for distributing malware at scale. By compromising legitimate, trusted packages, attackers gained direct access to the developer environments and systems where these packages are installed and executed.
The malware variant, named Miasma, was specifically designed to harvest developer credentials. Once installed, it can extract authentication tokens, API keys, and other sensitive information from compromised systems. This type of attack poses significant risk, as stolen credentials can grant attackers access to private repositories, cloud infrastructure, and other critical resources.
The '@redhat-cloud-services' namespace is widely used within Red Hat's ecosystem and beyond, meaning the potential impact extends across numerous organizations and projects. Developers who installed affected packages during the compromise window face immediate risk of credential exposure.
Response measures:
Red Hat and npm have been notified and are investigating the scope of the compromise. Affected packages have been flagged, and developers are advised to:
- Review package installation logs for the '@redhat-cloud-services' namespace
- Rotate credentials and authentication tokens immediately
- Monitor accounts for unauthorized access
- Update to patched versions once available
- Check dependent projects for exposure
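One way to carry out the first and last checks in the list above, as an added example that is not code from Red Hat, npm or the original report: a Node.js function that lists every package-lock.json entry installed under the '@redhat-cloud-services' scope, including nested copies pulled in by other dependencies. The package names, versions and registry URL in the sample lockfile are constructed; the report does not list affected versions, so every hit still has to be compared against the vendor's advisory.

```javascript
// Added example: list every lockfile entry under an npm scope.
// Input is a parsed package-lock.json (lockfileVersion 1, 2 or 3).
const SCOPE = '@redhat-cloud-services';

function findScopedPackages(lock, scope = SCOPE) {
  const hits = [];
  const prefix = scope + '/';
  const record = (name, meta, path) => {
    if (name.startsWith(prefix) && !hits.some((h) => h.path === path)) {
      hits.push({ name, version: meta.version, path, resolved: meta.resolved || null });
    }
  };
  // v2/v3: flat "packages" map keyed by install path; the text after the
  // last "node_modules/" is the package name (the root entry has key "").
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    record(path.split('node_modules/').pop(), meta, path);
  }
  // v1 (and the legacy mirror kept in v2): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      record(name, meta, path);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile: names, versions and URL are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@redhat-cloud-services/example-pkg-a': {
      version: '1.2.3', resolved: 'https://registry.example/example-pkg-a-1.2.3.tgz' },
    'node_modules/left-dep': { version: '2.0.0' },
    'node_modules/left-dep/node_modules/@redhat-cloud-services/example-pkg-b': { version: '0.9.0' },
  },
};

// CLI use: node scan-lock.js path/to/package-lock.json (falls back to the sample).
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  for (const h of findScopedPackages(lock)) console.log(`${h.name}@${h.version}  ${h.path}`);
}
```

A hit whose path contains more than one `node_modules/` segment is a transitive install, which is the case a review of direct dependencies in package.json would miss.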
This incident underscores the ongoing vulnerability of the open-source software supply chain. With millions of developers relying on npm packages daily, compromises at this scale can affect numerous downstream projects and organizations. The use of sophisticated malware variants like Miasma demonstrates attackers' growing focus on credential theft from developer environments as a path to broader system compromise.
Developers should maintain vigilance regarding package dependencies and consider implementing additional security controls such as package integrity verification and runtime monitoring.