Find notable cyber news and cases, enriched with sources, timelines, and signals.

Red Hat npm Namespace Hijacked in Supply Chain hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 13
2 unique sources, 2 articles

Summary

Hide ▲

Red Hat's official npm namespace was hijacked in a supply chain attack that republished 32 packages in the @redhat-cloud-services scope on June 1, 2026. The malicious uploads landed in 72 seconds and used an install-time preinstall script to steal cloud, CI/CD, and npm credentials, with roughly 9.8 million downloads affected. Researchers tracked the payload as a Mini Shai-Hulud variant called Miasma. Evidence also linked the activity to a compromised Red Hat employee GitHub account and to GitHub Actions OIDC tokens, while the first related Miasma commit appeared on May 29, 2026.

Related Happenings

AsyncAPI malicious npm package supply-chain malware

Malware Activity
H score21 First: 15.07.2026 18:37 Last: 15.07.2026 18:37 Sources 1

About this happening: Malicious AsyncAPI npm releases pushed a remote access trojan and info-stealing payload into packages with more than 2.25 million weekly downloads, putting downstr...

AsyncAPI repositories and npm publishing workflow hit by network compromise

Incident
H score27 First: 15.07.2026 12:16 Last: 15.07.2026 12:16 Sources 1

About this happening: The AsyncAPI npm publishing pipeline was compromised in a July 14 supply-chain attack that used the project’s normal GitHub Actions release path to publish trojani...

GitHub fake-repository infostealer campaign

Campaign
H score41 First: 14.07.2026 22:15 Last: 14.07.2026 22:15 Sources 1

About this happening: A GitHub impersonation campaign is distributing infostealer malware through 292 fake repositories, expanding the risk to users searching for trusted software downloads...

Jscrambler hit by network compromise

Incident
H score15 First: 13.07.2026 22:44 Last: 13.07.2026 22:44 Sources 1

About this happening: The Jscrambler npm package suffered an unauthorized publication of a malicious version that exposed developers to infostealer theft risk. The bad release stayed li...

OpenMandriva Linux project hit by cyberattack

Incident
H score32 First: 10.07.2026 01:14 Last: 10.07.2026 01:14 Sources 1

About this happening: The OpenMandriva Linux project is recovering from an attempted internal sabotage that deleted repositories and published an empty package that could have damaged user...

Timeline

  1. 01.06.2026 20:40 1 articles · 1mo ago

    Miasma string first appears in a GitHub commit

    Technical Analysis Update

    OX Security noted that the first commit containing the string "Miasma: The Spreading Blight" appeared on May 29, 2026, suggesting the variant was active by then or was being tested. The related activity was tied to a compromised Red Hat employee's GitHub account that was used as patient zero to inject malicious payloads into two RedHatInsights repositories.

    Show sources
  2. 01.06.2026 20:40 3 articles · 1mo ago

    Miasma compromises @redhat-cloud-services npm packages

    Initial Disclosure

    Researchers described a Mini Shai-Hulud supply chain campaign codenamed Miasma that compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. Evidence suggests a compromised Red Hat employee's GitHub account served as patient zero for malicious orphan commits into two RedHatInsights repositories, and attribution remained unknown.

    Show sources