SECURITYTHE HACKER NEWS
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Miasma malware, part of the Mini Shai-Hulud, Miasma, and Hades family, has compromised new npm packages like LeoPlatform and RStreams while expanding to the Go ecosystem. The attack also involves malicious GitHub Actions workflow abuse.
Mentioned
Related Signal
Adjacent reporting
- SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
- TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
- Mini Shai-Hulud returns, compromising hundreds of npm packages