Large npm supply‑chain compromise targets Red Hat scope
🛡️ Microsoft Threat Intelligence disclosed a widespread npm supply‑chain attack that trojanized 32 packages across the @redhat-cloud-services scope via a compromised CI/CD pipeline. The malicious packages used an npm preinstall hook to run an obfuscated 4.29 MB dropper that downloads the Bun runtime and executes credential‑stealing and propagation payloads across Linux, macOS, and Windows. The campaign, labelled “Miasma: The Spreading Blight,” harvested secrets from GitHub Actions runners, cloud provider CLIs, SSH keys, browsers, and vaults, and attempted to republish poisoned packages and inject code into victim repositories.
