Red Hat (@redhat-cloud-services npm) — Miasma supply-chain worm via compromised employee GitHub account

Wiz researchers found 32 trojanised releases under the @redhat-cloud-services npm scope, traced to a compromised Red Hat employee's GitHub account, deploying a credential-stealing self-propagating worm.

Target: Red Hat (@redhat-cloud-services npm) — Miasma supply-chain worm via compromised employee GitHub account
Date public: 1 June 2026
Sector: Technology
Attack type: Supply Chain
Threat actor: Unattributed (Miasma — Mini Shai-Hulud derivative)
Severity: High
Region: Global

On 1 June 2026 Wiz Research disclosed Miasma, a fresh supply-chain campaign against the @redhat-cloud-services npm namespace. At least 32 package releases across the scope were modified after publication and no longer match the corresponding upstream source repositories. Cumulative weekly downloads for the affected packages average around 80,000.

Patient zero looks like a compromised Red Hat employee’s GitHub account. The attackers used that account to push malicious orphan commits to two RedHatInsights repositories, bypassing code review, and rode the resulting releases into the npm registry. Every trojanised package carries a preinstall script that fires the moment it lands on a developer machine, harvests credentials and cloud-identity material, then attempts to use whatever publishing rights it finds to spread the same payload into other packages the victim can release.

The payload itself is a Greek-mythology rebrand of the Mini Shai-Hulud worm code recently open-sourced by TeamPCP, with the Dune-themed references swapped out. The compromised repositories the worm creates on victim accounts carry the description “Miasma: The Spreading Blight”. Beyond the standard token-stealer module, it ships new GCP and Azure identity collectors that enumerate every cloud identity the infected machine can reach, plus persistent monitoring services. The novel capability, and one almost certainly portable to future variants, is the injection of hooks into AI developer assistants: Claude, Codex, Copilot, Gemini, Kiro and opencode have all been observed as targets, giving the operator a covert read on whatever the developer’s AI agent is being asked to do next.

This is the second Mini Shai-Hulud-derived supply-chain compromise in this catalogue in two weeks, after the @tanstack wave that hit OpenAI. Red Hat has begun unpublishing affected versions; defenders should rotate any developer or CI credentials that touched a @redhat-cloud-services package since late May 2026, and audit Claude / Copilot / Codex agent activity for unexplained scope changes. A deep-dive will follow once Red Hat publishes its own incident statement and once the worm’s lateral-spread mechanics through OpenShift / cloud-services dev environments are documented.
