
More than 30 Red Hat npm packages were compromised after attackers hijacked a developer account to bypass GitHub’s trusted publishing mechanism, exposing the growing risks facing open-source software supply chains.
A major open-source supply chain attack has compromised more than 30 Red Hat Cloud Services packages on the npm registry after attackers bypassed GitHub’s trusted publishing security mechanism using a stolen developer account.
Security firm Aikido Security discovered the campaign, dubbed “Miasma”, which bears strong similarities to the recently open-sourced Mini Shai-Hulud worm. The malware affected 96 package versions across 32 npm packages that collectively recorded over 115,000 downloads per week.
According to Aikido, the attackers gained access to a Red Hat employee’s GitHub account and used it to push malicious orphan commits directly to repositories. This allowed them to bypass code review and turn the CI/CD pipeline itself into the attack vector, despite trusted publishing protections, which are designed to eliminate the need for long-lived credentials.
The Miasma worm is capable of stealing AWS, Google Cloud Platform and Microsoft Azure credentials, HashiCorp Vault tokens, SSH private keys, .env files, CI/CD secrets and npm tokens.
Red Hat confirmed the incident and removed the affected packages from npm. “Red Hat is aware of security reports regarding certain npm packages within our developer tooling system,” a company spokesperson said. “We immediately initiated an investigation and removed the packages from the npm registry.”
The company said the affected packages were used only for internal development and were never published for customer consumption through console.redhat.com. “While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems,” the spokesperson added.
Aikido has advised developers who installed packages from the @redhat-cloud-services scope since June 1, 2026, to immediately rotate credentials, SSH keys and CI/CD secrets.
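To act on that advice, a team first needs to know whether a project pulled anything from the affected scope at all. The following is an added example, not code from Aikido or Red Hat: it walks an npm package-lock.json (v1 nested tree or v2/v3 flat map) and lists every installed package under @redhat-cloud-services; since the page does not list the 96 affected versions, it leaves the version and install-date decision to the reader. The sample lockfile and its package names are constructed placeholders.

```python
import json
import sys

# Scope named in the advisory. The page does not list the 96 affected versions,
# so this check flags every package in the scope and leaves the version
# and install-date decision to the reader.
AFFECTED_SCOPE = "@redhat-cloud-services"


def iter_lock_packages(lock):
    """Yield (name, version) for each installed package in a package-lock.json.
    v2/v3 carry a flat "packages" map keyed by install path; v1 carries a nested
    "dependencies" tree. v2 has both, so the flat map is preferred."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path == "":
                continue  # the root project entry, not a dependency
            # Nested installs look like node_modules/a/node_modules/@scope/b
            yield path.rsplit("node_modules/", 1)[-1], meta.get("version", "")
        return

    def walk(deps):
        for name, meta in deps.items():
            yield name, meta.get("version", "")
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_scoped(lock, scope=AFFECTED_SCOPE):
    """Return sorted, de-duplicated (name, version) pairs under the given scope."""
    prefix = scope + "/"  # trailing slash so a look-alike scope does not match
    return sorted({(n, v) for n, v in iter_lock_packages(lock) if n.startswith(prefix)})


# Constructed sample lockfile; the package names are placeholders, not real
# packages from the affected scope.
SAMPLE_LOCK_V3 = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app"},
        "node_modules/@redhat-cloud-services/placeholder-a": {"version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/@redhat-cloud-services/placeholder-b": {"version": "2.5.1"},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK_V3
    for name, version in find_scoped(lock):
        print(f"{name}@{version}")
```

Run it with a real lockfile path as the first argument; any line of output means the project is in scope for the credential rotation Aikido recommends.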