Over 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were backdoored in a supply-chain attack, after attackers compromised a Red Hat employee's GitHub account and used it to publish malicious package versions containing credential-stealing malware. The malware, dubbed "Miasma," is a variant of the Shai-Hulud framework and was designed to steal a wide range of sensitive data including cloud credentials, SSH keys, CI/CD tokens, and environment files from developers who installed the affected packages. Red Hat removed the compromised packages and stated that they were limited to internal development tooling with no confirmed impact on customer environments, though the investigation remains ongoing.
