Skip to content
The Nexus
SECURITYJun 26 · 12:18 UTCTHE REGISTER

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

The Miasma malware campaign has poisoned over 20 npm packages in the Leo Platform and RStreams ecosystems, targeting developer credentials and CI environments. The attack, executed in under three seconds by compromising an npm maintainer account, steals secrets from cloud providers, GitHub, and other platforms, and republishes packages to propagate further.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting