More than 30 npm packages under Red Hat's @redhat-cloud-services namespace were compromised in a supply-chain attack distributing the Miasma variant of the Shai-Hulud malware. The attack, dubbed Miasma, uses Mini Shai-Hulud tactics, including install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and self-propagating worm behavior. Security firms Aikido and OX Security discovered the backdoors in package versions with approximately 117,000 weekly downloads. The malware targets developer credentials, cloud secrets, SSH keys, and CI/CD tokens. TeamPCP has open-sourced tools linked to the Shai-Hulud campaign, though the attackers remain unidentified.
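Since the summary does not list the affected package names or versions, a first triage step is to inventory every installed copy under the namespace and see which ones run install-time scripts. The following is an added example, not code from Aikido, OX Security or Red Hat; the function name, the sample lockfile and its package names are constructed, and it assumes a `package-lock.json` with `lockfileVersion` 2 or 3, where npm records `hasInstallScript`.

```javascript
// Namespace named in the report; everything else in this file is illustrative.
const WATCHED_SCOPE = "@redhat-cloud-services/";

// Inventory every installed copy of a package in the watched scope,
// including copies nested under other dependencies.
function auditLockfile(lock, scope = WATCHED_SCOPE) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    // lockfileVersion 1 has no "packages" map and no hasInstallScript flag.
    throw new Error("lockfile has no 'packages' map; regenerate with npm 7+");
  }
  const marker = "node_modules/";
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const last = path.lastIndexOf(marker);
    if (last === -1) continue; // "" is the root project, not a dependency
    const name = path.slice(last + marker.length);
    if (!name.startsWith(scope)) continue;
    findings.push({
      name,
      version: meta.version,
      path,
      nested: path.indexOf(marker) !== last, // pulled in transitively
      hasInstallScript: meta.hasInstallScript === true,
      integrity: meta.integrity || null, // compare against a known-good lockfile
    });
  }
  // Copies that execute code at install time go first.
  return findings.sort(
    (a, b) =>
      Number(b.hasInstallScript) - Number(a.hasInstallScript) ||
      a.path.localeCompare(b.path)
  );
}

// Constructed sample lockfile; package names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-lib/node_modules/@redhat-cloud-services/example-b": {
      version: "0.0.2",
    },
    "node_modules/@redhat-cloud-services/example-a": {
      version: "0.0.1",
      hasInstallScript: true,
      integrity: "sha512-CONSTRUCTED",
    },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

To use it on a real project, pass the result of `JSON.parse` on the project's `package-lock.json`; a copy without `hasInstallScript` is not cleared by that alone and still needs its version checked against the vendors' published lists.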
Tracked by ByteBrief