Red Hat npm packages compromised to steal developer credentials

bleepingcomputer.com·Jun 1, 2026

Over 30 npm packages from Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack, distributing a new variant of credential-stealing malware called "Miasma." The malicious packages were designed to steal sensitive developer credentials and were removed by Red Hat upon discovery, with no impact reported on customer environments.

The compromise of over 30 Red Hat npm packages highlights the need for robust identity management and access control, particularly in developer environments. The attackers used a compromised GitHub account to inject credential-stealing malware into the supply chain, which underscores the importance of strong authentication and regular credential rotation. Organizations should immediately rotate credentials and review their access management practices to guard against similar compromises.
