A supply chain attack dubbed Miasma has compromised Red Hat npm packages (@redhat-cloud-services) to deploy credential-stealing malware and a self-propagating worm on developer systems. The campaign employs Mini Shai-Hulud tactics including install-time execution, credential harvesting, CI/CD pipeline targeting, and encrypted data exfiltration. This incident represents a significant threat to ente
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
