On 1 June 2026, researchers from several cybersecurity firms uncovered a major supply chain compromise affecting software components used by Red Hat. Microsoft, Wiz Research, Snyk, and Aikido reported that attackers had slipped malicious code into packages published under the @redhat-cloud-services scope on npm, the public package registry from which developers pull the building blocks of their applications.
At least 32 packages, spanning 96 compromised versions, were affected. These packages underpin the Red Hat Hybrid Cloud Console and are downloaded roughly 80,000 to 117,000 times every week. Because the modules are so widely integrated, the blast radius extends well beyond Red Hat's own infrastructure into external development pipelines.
How the Infrastructure Was Exploited
The attackers didn't guess passwords or rely on typosquatted packages. Instead, they compromised the personal GitHub account of a genuine Red Hat employee. Using that account, they pushed malicious orphan commits (commits not attached to any branch history, so they do not show up in a normal review flow) directly into two RedHatInsights repositories without any code review.
As shown in the image from Wiz, the activity came in two waves. The unauthorized commits introduced a minimal GitHub Actions workflow that requested short-lived OIDC identity tokens from GitHub.
The workflow used these tokens to authenticate directly to npm's trusted publishing endpoint and upload the backdoored packages. Because the publish originated from a legitimate Red Hat repository, the compromised versions shipped with valid SLSA provenance attestations, so they looked authentic to security scanners.
The Miasma Malware
Researchers have named this malware variant Miasma. It operates as a self-propagating worm and credential stealer built on Mini Shai-Hulud, an open-source malware framework that the threat group TeamPCP published on BreachForums earlier in 2026. The new version swaps the framework's earlier space-themed naming for Greek references such as Spartan.
When a developer installs one of these trojanized packages, a preinstall lifecycle script runs automatically before any of the package's normal code. It immediately harvests sensitive data from the machine: cloud credentials for Google Cloud, Microsoft Azure, and Amazon Web Services, SSH keys, stored passwords, and API keys for AI tools such as Claude and Gemini.
The worm then queries the npm registry for other packages that the stolen identity is allowed to publish, and republishes each of them with the same malicious payload. A single compromised workstation thereby becomes a vector that spreads the infection across the registry.
Registry administrators revoked most of the malicious versions within hours of disclosure, but the supply chain investigation is ongoing. Security teams are advised to audit their lockfiles for the affected packages, block install scripts with the ignore-scripts setting, and immediately rotate any cloud credentials or tokens that were reachable from affected build environments.
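The following script is an added example, not code from the original article or from any of the cited vendors. It automates the three checks a defender would run after reading the two paragraphs above: list every package from the affected npm scope in a package-lock.json so it can be compared against the vendor advisories, flag any installed package that declares an install-time hook (the preinstall vector Miasma uses), and confirm that ignore-scripts=true is actually set in .npmrc. It assumes the standard npm lockfile layout (lockfileVersion 2 or 3, which carry a top-level "packages" map and the "hasInstallScript" flag) and a standard ini-style .npmrc. All package names, versions, and paths in the sample data are constructed placeholders; the real compromised versions must come from the advisories.

```python
"""Post-incident npm dependency audit (added example, not the article's code).

Assumes: package-lock.json with lockfileVersion 2 or 3 (top-level "packages"
map, optional "hasInstallScript" flag) and an ini-style .npmrc. Sample data
below is constructed for illustration only.
"""
import json

AFFECTED_SCOPE = "@redhat-cloud-services"          # scope named in the article
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# --- constructed sample inputs (placeholders, not real affected versions) ---
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/@redhat-cloud-services/example-a": {
            "version": "0.0.1-placeholder", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/@redhat-cloud-services/example-b": {
            "version": "0.0.2-placeholder"},
    },
})
SAMPLE_NPMRC_WEAK = "registry=https://registry.npmjs.org/\n"
SAMPLE_NPMRC_HARDENED = (
    "registry=https://registry.npmjs.org/\n"
    "ignore-scripts=true  # block preinstall/postinstall hooks on npm install\n"
)
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "@redhat-cloud-services/example-a",
    "scripts": {"preinstall": "node setup.js", "test": "jest"},
})


def _package_name_from_path(path):
    """Map a lockfile path like 'node_modules/a/node_modules/@s/b' to '@s/b'."""
    marker = "node_modules/"
    idx = path.rfind(marker)
    if idx == -1:
        return None  # root project entry ("") or a workspace path
    return path[idx + len(marker):]


def parse_lockfile_packages(lock_text):
    """Return {name, version, has_install_script} for every installed package."""
    lock = json.loads(lock_text)
    entries = []
    for path, meta in lock.get("packages", {}).items():
        name = _package_name_from_path(path)
        if not name:
            continue
        entries.append({
            "name": name,
            "version": meta.get("version", "?"),
            # npm sets this flag when the package declares install hooks.
            "has_install_script": bool(meta.get("hasInstallScript", False)),
        })
    return entries


def find_scoped_packages(entries, scope=AFFECTED_SCOPE):
    """Installed packages under the affected scope; compare with the advisory."""
    return [e for e in entries if e["name"].startswith(scope + "/")]


def find_install_script_packages(entries):
    """Installed packages that run code at install time."""
    return [e for e in entries if e["has_install_script"]]


def ignore_scripts_enabled(npmrc_text):
    """True only if .npmrc sets ignore-scripts=true (comments/blanks ignored)."""
    for raw in npmrc_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ignore-scripts":
            return value.lower() == "true"
    return False


def lifecycle_hooks(package_json_text):
    """Install-time hooks declared in one package's package.json."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return [hook for hook in LIFECYCLE_HOOKS if hook in scripts]


if __name__ == "__main__":
    entries = parse_lockfile_packages(SAMPLE_LOCKFILE)
    for e in find_scoped_packages(entries):
        print(f"in affected scope: {e['name']}@{e['version']} (check advisory)")
    for e in find_install_script_packages(entries):
        print(f"runs install hook: {e['name']}@{e['version']}")
    print("ignore-scripts set (weak .npmrc):", ignore_scripts_enabled(SAMPLE_NPMRC_WEAK))
    print("ignore-scripts set (hardened):", ignore_scripts_enabled(SAMPLE_NPMRC_HARDENED))
    print("hooks in sample package.json:", lifecycle_hooks(SAMPLE_PACKAGE_JSON))
```

Run it against a real lockfile by replacing the sample strings with the file contents. Note that ignore-scripts only stops the preinstall hook from firing; it does not undo a compromise that has already run, which is why the credential rotation step above still applies.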
The full reports from each company are available here: Microsoft, Wiz Research, Snyk, and Aikido.