IT Question Answer

32 Red Hat npm packages compromised in 'Miasma' supply-chain attack

Web & Development · By ITQA Team · Source: open-source security researcher disclosures
Tags: npm, supply chain attack, open source, red hat, malware

Security researchers have disclosed that 32 npm packages associated with Red Hat were compromised in a supply-chain attack involving malware dubbed 'Miasma'. The malicious code exposed cloud authentication tokens, CI/CD pipeline secrets and developer credentials to whoever controlled it.

Because npm packages are pulled automatically into countless other projects as dependencies, a compromise at this level can ripple outward to any organization that builds software with the affected libraries, often without those downstream teams realizing they have inherited the problem until much later.

Researchers say the incident fits a pattern that has alarmed the open-source security community over the past two years: attackers increasingly target the software supply chain itself, planting malicious code inside widely trusted packages rather than attacking end targets directly, because one compromised package can reach many organizations at once for a fraction of the effort.

Rotating any credentials that may have been exposed, auditing dependency trees and lockfiles for unexpected changes, and pinning package versions (installing from a committed lockfile rather than from loose version ranges) are now considered standard incident-response steps in cases like this.

The episode adds further pressure on the npm ecosystem and package registries more broadly to tighten publishing controls, two-factor authentication requirements and automated scanning, measures that have already been rolled out in stages following several earlier high-profile supply-chain incidents.
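The dependency-tree audit and version-pinning check described above, as an added example that is not code from the article, from Red Hat or from npm. It walks a package-lock.json in the lockfileVersion 2/3 layout ("packages" keyed by node_modules path), flags every installed copy of a package named in an advisory, compares the lockfile against a trusted baseline copy, and lists package.json entries that use a version range instead of an exact version. All package names, versions and integrity hashes below are constructed placeholders, not the real packages involved in the Miasma incident.

```javascript
// Added example, not code from the article or from Red Hat/npm: audit a
// package-lock.json against an advisory's list of compromised package names and
// against a trusted baseline lockfile, then check package.json for unpinned ranges.
// Every name, version and hash here is constructed for illustration only.

const NM = "node_modules/";

// Assumed advisory list; placeholder names, not real packages from the incident.
const COMPROMISED = new Set(["example-cli-tool", "@example-org/left-pad-ish"]);

// Constructed baseline lockfile: the last known-good copy (e.g. from a release tag).
const baselineLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-cli-tool": { version: "2.4.1", integrity: "sha512-AAAA" },
    "node_modules/harmless-lib":     { version: "3.1.0", integrity: "sha512-BBBB" },
  },
};

// Constructed current lockfile, as found in the working tree after a fresh install.
const currentLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-cli-tool": { version: "2.4.2", integrity: "sha512-CCCC" },
    "node_modules/harmless-lib":     { version: "3.1.0", integrity: "sha512-EEEE" },
    "node_modules/harmless-lib/node_modules/@example-org/left-pad-ish":
      { version: "0.0.9", integrity: "sha512-DDDD" },
  },
};

// Constructed package.json dependency sections.
const packageJson = {
  dependencies: { "example-cli-tool": "2.4.1", "harmless-lib": "^3.0.0" },
  devDependencies: { "test-runner-ish": "~1.2.0" },
};

// The package name is everything after the last "node_modules/"; this handles
// nested installs and scoped packages alike.
function nameFromPath(path) {
  return path.slice(path.lastIndexOf(NM) + NM.length);
}

// Every installed copy of a compromised package, nested copies included.
function findCompromised(lock, compromised) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = nameFromPath(path);
    if (compromised.has(name)) hits.push({ path, name, version: entry.version });
  }
  return hits;
}

// Compare the current lockfile to the baseline. A version bump is ordinary churn
// that still deserves review; the same version with a different integrity hash
// means the lockfile or the tarball behind it was altered, the stronger signal.
function diffLockfile(baseline, current) {
  const findings = [];
  const seen = new Set();
  for (const [path, cur] of Object.entries(current.packages)) {
    if (path === "") continue;
    seen.add(path);
    const base = baseline.packages[path];
    if (!base) {
      findings.push({ path, kind: "added", version: cur.version });
    } else if (base.version !== cur.version) {
      findings.push({ path, kind: "version-changed", from: base.version, to: cur.version });
    } else if (base.integrity !== cur.integrity) {
      findings.push({ path, kind: "integrity-mismatch", version: cur.version });
    }
  }
  for (const path of Object.keys(baseline.packages)) {
    if (path !== "" && !seen.has(path)) findings.push({ path, kind: "removed" });
  }
  return findings;
}

// Exact semver only; anything else (^, ~, >=, *, "latest", git or URL specs) is a range.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function findUnpinned(pkg) {
  const out = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(spec)) out.push({ name, spec, section });
    }
  }
  return out;
}

function audit(lock, baseline, pkg, compromised) {
  return {
    compromised: findCompromised(lock, compromised),
    changes: diffLockfile(baseline, lock),
    unpinned: findUnpinned(pkg),
  };
}

console.log(JSON.stringify(audit(currentLock, baselineLock, packageJson, COMPROMISED), null, 2));
```

In a real run the two lockfiles would be read from disk, with the baseline taken from version control rather than from the working tree, and the advisory list from the published disclosure. Pinning in package.json is only one layer: committing the lockfile and installing with `npm ci`, which refuses to proceed when package.json and package-lock.json disagree, is what actually stops a range from silently resolving to a newly published malicious version.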
