SECURITYTHE REGISTER
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
The Miasma malware campaign has poisoned over 20 npm packages in the Leo Platform and RStreams ecosystems, targeting developer credentials and CI environments. The attack, executed in under three seconds by compromising an npm maintainer account, steals secrets from cloud providers, GitHub, and other platforms, and republishes packages to propagate further.
Mentioned
Related Signal
Adjacent reporting
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
- Mini Shai-Hulud returns, compromising hundreds of npm packages
- Cache-poisoning caper turns TanStack npm packages toxic
- New Shai-Hulud malware wave compromises 600 npm packages
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
- Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries