At the time of disclosure, 309 GitHub repositories had been compromised by the Miasma malware campaign. The affected packages averaged roughly 80,000 to 117,000 weekly downloads inside the @redhat-cloud-services npm scope. (Bleeping Computer, Upwind Security)
Miasma: TeamPCP’s Self-Propagating Supply Chain Worm Hits Red Hat’s npm Namespace in Three Waves
When a trusted namespace becomes a weapon, every downstream install is an open door — and rotating credentials after the fact is damage control, not a defence.
1️⃣ WHAT HAPPENED — CONFIRMED FACTS ONLY
On June 1, 2026, unauthorised commits were pushed to repositories in the RedHatInsights GitHub organisation and used to publish malicious versions of 32 packages under the @redhat-cloud-services npm scope. The campaign, tracked as Miasma, executes a 4.2 MB obfuscated payload through an npm preinstall hook the moment any of these packages is installed. Upwind Security
The attack rolled out in at least three distinct waves: the first starting around 10:54 UTC, a second around 13:45 UTC, and a third around 14:23 UTC — with detection lagging by roughly an hour each time. The confirmed total across all waves is 95 compromised versions. The CyberSec Guru
Dark web intelligence firm CybelAngel confirmed that the Red Hat employee’s GitHub credentials — including an active session cookie capable of bypassing multi-factor authentication — had appeared in infostealer logs on April 13 and again on May 15, 2026. The gap between first credential exposure and weaponisation was nearly seven weeks. Lab Space
On June 4, 2026, Wiz Research published an additional threat advisory covering a new wave of packages linked to the Miasma campaign, with a modified payload. Snyk
Red Hat confirmed it removed the affected packages after becoming aware of the incident and stated that the compromise was limited to internal development tooling. Bleeping Computer
2️⃣ BUSINESS IMPACT
[CONFIRMED] The payload actively queries AWS Secrets Manager, SSM Parameter Store, Azure Key Vault, and GCP Secret Manager when permissions allow — going beyond static credential files to reach live cloud secret stores. Cyber Security News
[CONFIRMED] Once running, the worm hijacked the CI/CD secrets/permissions of infected downstream organizations to further its propagation beyond the initial Red Hat namespace. Upwind Security
[CONFIRMED] 309 GitHub repositories were confirmed compromised downstream by the campaign at time of reporting (BleepingComputer, June 5, 2026). Bleeping Computer
[CONFIRMED] The Miasma tooling was built on the Mini Shai-Hulud malware framework open-sourced by TeamPCP on May 12, 2026 — meaning any threat actor now has access to the same techniques and can replicate or adapt them. Aikido
3️⃣ LIKELY ROOT CAUSE
Infostealer-sourced credentials undetected for seven weeks. The Red Hat employee’s GitHub credentials appeared in infostealer logs on April 13 and May 15, 2026 — but the organisation had no monitoring process that would have detected and acted on compromised credentials appearing in commercial threat intelligence feeds before the attacker weaponised them on June 1. Lab Space
OIDC pipeline exploitation, not account phishing. The malicious packages were published via GitHub Actions OIDC tokens, indicating the CI/CD pipeline itself was compromised rather than individual developer npm accounts — the attacker abused a structural trust relationship, not a weak password. Cyber Security News
Open-sourced attack framework lowered the barrier. Since the Mini Shai-Hulud tooling was made publicly available, other threat actors have access to the same techniques and can replicate or adapt them — the three-week gap from framework publication to refined campaign execution confirms how rapidly the open-source attack ecosystem operates. Aikido
4️⃣ CONTROL FAILURES
[CF-1] 🪪 Identity — Compromised employee credentials present in commercial infostealer logs for 49 days with no detection or forced rotation.
[CF-2] ⚙️ Technology — CI/CD pipeline trusted OIDC tokens without anomaly detection on unusual publish-time commit patterns; no integrity verification on outbound npm publishes.
[CF-3] 📋 Process — No dark web / infostealer monitoring integrated into credential hygiene workflow; no automated response to credential exposure signals.
[CF-4] 🔗 Third Party — Downstream organisations had no mechanism to detect that a trusted, verified npm namespace had been backdoored between install cycles.
5️⃣ RECOMMENDATIONS
↳ CF-1 — Integrate infostealer log monitoring into credential rotation (NIS2 Article 21(2)(i) — identity and access management)
Subscribe to a commercial credential exposure feed and enforce immediate forced rotation for any employee credential appearing in infostealer logs — do not wait for an incident to act on an exposure signal.
↳ CF-2 — Harden CI/CD OIDC token scope and publish-time controls (ISO 27001 A.8.8 — management of technical vulnerabilities)
Restrict OIDC token permissions to the minimum required scope, require code review approval before any publish-triggering workflow runs, and deploy anomaly detection on package publish frequency and timing.
↳ CF-3 — Establish a supply chain software bill of materials (SBOM) process (NIS2 Article 21(2)(d) — supply chain security)
Maintain an approved dependency inventory, monitor for namespace-level compromise alerts from providers such as Aikido, Snyk, or Wiz, and define a maximum acceptable response window between alert and isolation.
↳ CF-4 — Deploy runtime secrets scanning on all CI/CD pipelines (NIST SP 800-218 SSDF — PW.4)
Scan for secrets at build time and block pipelines that produce artefacts containing credentials; treat any npm install in CI as a potential credential-exposure event if the package touches AWS, GCP, Azure, or Vault configuration paths.
6️⃣ REGULATORY RELEVANCE
NIS2 Directive — Article 21(2)(d) — Supply chain security
The Miasma campaign is a textbook NIS2 supply chain incident: a trusted third-party component introduced malicious code into downstream organisations’ environments without their knowledge. NIS2 requires essential and important entities to assess and manage the security risks arising from their software supply chain — including the security practices of direct suppliers.
NIS2 Directive — Article 21(2)(i) — Identity and access management
The seven-week gap between credential exposure and weaponisation represents a failure of the access control and identity management obligations under NIS2, which requires proportionate technical measures to prevent unauthorised access.
GDPR Article 32 — Security of processing
Any organisation that installed affected packages and had personal data accessible from the compromised CI/CD environment may face a personal data breach notification obligation under GDPR Article 33 — within 72 hours of becoming aware.
7️⃣ HOW SEG CAN HELP
↳ CF-1 + CF-3 💡 Dark Web & Credential Exposure Monitoring
SEG provides continuous monitoring of commercial infostealer logs and dark web credential markets, with automated alerting and guided rotation workflows — closing the detection gap that enabled the Miasma compromise.
↳ CF-2 💡 CI/CD Security Assessment & Pipeline Hardening
SEG conducts targeted assessments of GitHub Actions, GitLab CI, and Jenkins pipelines to identify over-permissioned OIDC configurations, unreviewed publish workflows, and missing integrity controls before attackers exploit them.
↳ CF-4 💡 Third-Party & Supply Chain Risk Assessment
SEG delivers supply chain security reviews that map every third-party dependency to its risk profile, implement SBOM processes, and establish monitoring alerts for namespace-level compromise events across npm, PyPI, and other registries.
🎯 Strategic Signal
TeamPCP has now compromised GitHub (via Nx Console), Microsoft’s DurableTask SDK on PyPI, and Red Hat’s entire @redhat-cloud-services npm namespace — all within six weeks. The pattern is deliberate: target the infrastructure that developers trust implicitly, harvest credentials at scale, and propagate. The open-sourcing of the Mini Shai-Hulud framework on May 12 means the techniques are no longer exclusive to one group. European organisations running open-source CI/CD pipelines should assume the next wave is already in preparation.
💬 SEG Expert View
“This is the third major supply chain hit from this threat actor cluster in six weeks, and it represents a critical tactical shift. Attackers aren’t just phishing for weak developer passwords anymore—they are harvesting active session cookies to bypass MFA entirely, hijacking the automated OIDC trust architecture of the CI/CD pipeline itself.
If your DevSecOps strategy relies on the assumption that a signed, trusted vendor namespace is inherently safe, this incident invalidates that model. You cannot rely on reactive credential rotation after an install. Organizations must proactively monitor infostealer feeds to invalidate active tokens before they are weaponized, enforce strict runtime pipeline isolation, and treat every third-party npm install as a potential exposure event. Under the NIS2 Directive, supply chain governance is a hard legal mandate, not a framework maturity goal. When a compromised dependency reaches into your cloud secret stores, regulators will require a precise audit of your technical vendor controls—not just a signed procurement policy.”
— Volodymyr Lytvyn, Cyber Lead, SEG
📖 Sources
- BleepingComputer — Red Hat npm packages compromised to steal developer credentials — June 5, 2026 — https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/
- Wiz Research — Miasma: Supply Chain Attack Targeting RedHat npm Packages — June 1, 2026 — https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages
- Aikido Security — Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm — June 1, 2026 — https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm
- Snyk — Miasma Attack Hits Red Hat npm Packages — June 1, 2026 — https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
- Cloud Security Alliance Lab Space — Miasma: Red Hat npm Supply Chain Worm — June 3, 2026 — https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/