Miasma: Supply Chain Attack Targeting RedHat npm Packages
Miasma is a supply chain attack targeting RedHat npm packages, leveraging malicious npm packages based on the open-sourced Mini Shai-Hulud malware. Specific affected packages and versions were not disclosed in the available source text.
- Disclosed
- Last updated
- Blast radius
- RedHat npm ecosystem users
- Ecosystems
- Attack vectors
- Affected entities
- RedHat npm packagesSpecific package names not disclosed in source text
Wiz reported a supply chain attack called "Miasma" targeting RedHat npm packages. The attack involves malicious npm packages that appear to be based on or derived from the Mini Shai-Hulud malware, which had been open-sourced.
The source material does not provide specific package names, versions, or detailed technical indicators. The attack appears to be active and targeting the npm ecosystem, with potential impact on RedHat users and downstream consumers of affected packages.
Further details regarding the specific packages involved, the attack timeline, and remediation steps would require access to the full Wiz blog post or additional technical documentation.
Remediation
- Review npm package dependencies for any packages linked to the Miasma attack
- Monitor for and remove any malicious npm packages from your supply chain
- Implement npm package verification and integrity checks
- Consult Wiz's published indicators of compromise (IoCs) for detection
- Update to patched versions of affected packages once available
Sources
Cite this entry
"Miasma: Supply Chain Attack Targeting RedHat npm Packages." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 1, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/miasma-supply-chain-attack-targeting-redhat-npm-packages-1kq1ng
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- activecritical
Malware in @doaction/auth
Malware discovered in the npm package @doaction/auth. Systems with this package installed are considered fully compromised and require immediate remediation.
npmCompromised package - containedcritical
Malware in @doaction/shared
Malware was discovered in the npm package @doaction/shared. Systems with this package installed are considered fully compromised and require immediate remediation.
npmCompromised package - containedcritical
Malware in transacts
The npm package transacts was found to contain malware, resulting in full system compromise of any computer with the package installed or running. All secrets and keys should be rotated immediately from a different computer, and the package should be removed.
npmCompromised package - containedcritical
Malware in buffer-utilities
Malware was discovered in the npm package buffer-utilities, resulting in full system compromise for any installation. The package should be removed immediately and all secrets and keys rotated from a clean system.
npmCompromised package