Security · 2h ago
Miasma Malware Spreads via npm Packages and GitHub Actions
Researchers discovered Miasma malware in new npm packages LeoPlatform and RStreams, part of a supply chain attack also targeting GitHub Actions and the Go ecosystem. The malware family, linked to Mini Shai-Hulud and Hades, continues to evolve. This campaign exploits developer trust to compromise downstream users.
Meridian48 take
The attack underscores the persistent vulnerability of open-source ecosystems, where a single compromised package can cascade into widespread breaches.
Read the full reporting
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack →
The Hacker News
supply-chain-attack, npm-malware