The breach, identified on 1 June 2026, affected at least 32 package releases across the Red Hat Cloud Services ecosystem, including frontend components, generated API clients and supporting developer tooling linked to the Red Hat Hybrid Cloud Console. The malicious versions were designed to execute automatically during installation, giving the attackers a route into developer machines and continuous integration environments before application code even ran.
Security researchers tracking the campaign have named the malware Miasma, describing it as a self-propagating credential-stealing worm with similarities to Mini Shai-Hulud, a supply-chain malware framework that circulated earlier this year. The affected packages collectively drew roughly 80,000 weekly downloads, increasing the risk that the compromise reached organisations beyond Red Hat’s internal development environment.
The attack relied on npm’s preinstall mechanism, a feature that allows scripts to run automatically when a package is installed. In the compromised versions, that hook launched a heavily obfuscated JavaScript payload capable of harvesting secrets from local machines, developer environments and cloud-linked build systems. The targets included GitHub Actions tokens, npm publishing tokens, SSH keys, .env files, Docker registry credentials, Kubernetes configuration files, HashiCorp Vault tokens and credentials linked to Amazon Web Services, Google Cloud and Microsoft Azure.
Investigators found that the payload did not merely collect static secrets. It also attempted to enumerate cloud identities and determine what access an infected host could assume, making the campaign more dangerous for organisations where build runners or developer machines have elevated permissions. Once credentials were obtained, the malware could use npm access to republish backdoored versions of other packages controlled by the compromised identity, allowing each infected system to become a potential launch point for further spread.
The incident appears to have stemmed from a compromised Red Hat employee GitHub account rather than a simple npm token leak or a typosquatting operation. The attacker used malicious orphan commits pushed into RedHatInsights repositories to trigger GitHub Actions workflows. Those workflows requested short-lived OpenID Connect tokens and then published altered package versions to npm under the legitimate namespace.
That route is particularly significant because it undermined a trust model widely adopted to reduce the danger of long-lived publishing credentials. Trusted publishing through GitHub Actions and npm is designed to improve supply-chain security by replacing static tokens with short-lived identity-based credentials. In this case, the packages were still published from a legitimate repository workflow, giving them valid provenance metadata even though the workflow itself had been abused.
The compromise shows that provenance can confirm where a package was built without proving that the build process was authorised or benign. That distinction is now central to the response by software security teams reviewing their reliance on automated trust signals. Valid provenance, signed releases and official namespaces remain useful safeguards, but they cannot replace account security, workflow controls and behavioural monitoring inside build systems.
Several malicious versions were revoked from npm within hours of disclosure, while analysis continued into whether any versions remained available during the early response window. Developers and organisations that installed affected @redhat-cloud-services packages on or after 1 June have been advised to assume that secrets accessible to those environments may have been exposed. The most urgent response steps include pinning away from affected releases, reinstalling dependencies with lifecycle scripts disabled, rotating npm tokens and cloud credentials, and reviewing GitHub, npm and cloud audit logs for unauthorised access.
The package list includes widely used components such as @redhat-cloud-services/frontend-components, @redhat-cloud-services/types, @redhat-cloud-services/rbac-client, @redhat-cloud-services/notifications-client, @redhat-cloud-services/compliance-client, @redhat-cloud-services/insights-client, @redhat-cloud-services/host-inventory-client and several related frontend and API client packages. Multiple versions of many packages were affected, suggesting the attacker pushed releases in waves rather than through a single isolated upload.
The campaign fits a wider pattern of attacks against developer infrastructure, where adversaries target package registries, CI/CD systems and maintainers rather than end users directly. npm remains a high-value target because JavaScript dependencies are routinely installed automatically across development machines, build servers and production-adjacent environments. A single trusted package can be pulled into thousands of projects through direct and transitive dependencies.
Open-source supply-chain attackers have increasingly focused on credential theft because developer tokens can unlock source repositories, deployment systems, cloud infrastructure and further package publication rights. The Red Hat namespace compromise adds to evidence that attackers are moving from opportunistic malicious uploads towards campaigns that exploit trusted automation paths inside major software organisations.
Also published on Medium.