The Miasma supply chain campaign compromised the @redhat-cloud-services npm namespace by using compromised GitHub accounts to push orphaned commits, bypassing code review. Attackers exploited GitHub Actions OIDC identity tokens to publish malicious packages with valid SLSA provenance attestations, deploying a derivative of the Mini Shai-Hulud worm. This 4.2 MB obfuscated payload targets credentials for AWS, GCP, Azure, Kubernetes, and HashiCorp Vault while self-propagating via stolen npm tokens. In response, IBM and Red Hat launched Project Lightwell, a $5 billion AI-driven security clearinghouse designed to automate the validation and backporting of security fixes across the open-source ecosystem.
Campaign Analysis: The Miasma Worm
- Targeted 32+ packages within the @redhat-cloud-services npm namespace, resulting in 90+ malicious releases.
- Achieved a reach of approximately 116,991 cumulative weekly downloads before detection.
- Utilized a reskinned version of the Mini Shai-Hulud framework to facilitate rapid credential exfiltration and ecosystem movement.
Technical Vectors: Bypassing Trust Frameworks
- Pushed orphaned commits to RedHatInsights repositories to circumvent mandatory code review processes.
- Leveraged GitHub Actions OIDC tokens to generate legitimate SLSA provenance, tricking verification tools into trusting tampered code.
- Employed obfuscated preinstall scripts to harvest CI/CD secrets and cloud identities from infected developer environments.
- Automated self-propagation by using stolen tokens and the bypass_2fa parameter to infect adjacent dependency chains.
Systemic Risk: The AI Remediation Gap
- Frontier AI models, such as Anthropic’s Mythos, are accelerating vulnerability discovery (identifying ~3,900 critical OSS flaws) beyond the speed of manual patching.
- The volume of ~50,000 annual CVEs creates a "remediation gap" that supply chain worms exploit for persistence.
- Miasma demonstrates a shift from isolated credential theft to systemic, wormable infections of trusted enterprise namespaces.
Strategic Response: Project Lightwell
- A $5 billion initiative employing 20,000 engineers to establish a trusted enterprise clearinghouse for open-source software.
- Uses AI to identify, validate, and deliver backported security fixes directly into environments (e.g., npm, PyPI, Maven) without requiring disruptive version upgrades.
- Expands security coverage beyond Red Hat products to include independent libraries, AI frameworks, and language toolchains.
- Currently integrated by 11 major financial institutions, including JPMorganChase, Goldman Sachs, and Visa.
Defensive Mitigations: Reducing Attack Surface
- Disable preinstall and postinstall scripts in npm configurations to block the immediate execution of malicious payloads.
- Implement "NPM Package Cooldown" checks to flag or block dependencies published within a 48-hour window.
- Rotate all CI/CD secrets, cloud tokens, and SSH keys if any affected @redhat-cloud-services package was installed after June 1, 2026.
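The package cooldown check described above, as an added example that is not part of the original post: it walks a package-lock-style dependency map and flags every pinned version whose registry publish timestamp falls inside the 48-hour window, and also flags versions with no timestamp at all rather than silently passing them. The lockfile, package names, registry metadata and scan time are all constructed for this example; a real run would fetch each package's packument from the npm registry, whose time map carries these timestamps.

```javascript
// Added example (not from the original post): a dependency "cooldown" check.
// Flags any locked dependency whose pinned version was published less than
// COOLDOWN_HOURS before the scan time. Real npm registry packuments expose a
// `time` map (version -> ISO 8601 publish timestamp); all data here is constructed.
const COOLDOWN_HOURS = 48;
// Constructed stand-in for the "packages" map of a package-lock.json (v3).
const lockfile = {
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-lib": { version: "1.4.0" },
    "node_modules/example-utils": { version: "2.0.1" },
    "node_modules/example-legacy": { version: "0.9.3" },
    "node_modules/example-unlisted": { version: "3.1.0" },
  },
};
// Constructed stand-in for each package's registry `time` map.
const registry = {
  "example-lib": { time: { "1.3.0": "2026-05-20T10:00:00.000Z", "1.4.0": "2026-06-09T08:30:00.000Z" } },
  "example-utils": { time: { "2.0.0": "2026-04-01T00:00:00.000Z", "2.0.1": "2026-06-10T02:15:00.000Z" } },
  "example-legacy": { time: { "0.9.3": "2025-11-03T12:00:00.000Z" } },
};
// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (innermost package name).
function packageName(lockPath) {
  const marker = "node_modules/";
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}
// Returns the dependencies that fail the cooldown: published inside the window,
// or with no publish timestamp at all (treated as suspicious, not as safe).
function findFreshDependencies(lock, packuments, now, cooldownHours = COOLDOWN_HOURS) {
  const cutoff = now.getTime() - cooldownHours * 3600 * 1000;
  const flagged = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (!lockPath.includes("node_modules/")) continue; // skip the root project entry
    const name = packageName(lockPath);
    const published = packuments[name]?.time?.[entry.version];
    if (!published) {
      flagged.push({ name, version: entry.version, reason: "no publish timestamp in registry metadata" });
      continue;
    }
    const publishedMs = Date.parse(published);
    if (publishedMs > cutoff) {
      const ageHours = ((now.getTime() - publishedMs) / 3600000).toFixed(1);
      flagged.push({ name, version: entry.version, reason: `published ${ageHours}h ago` });
    }
  }
  return flagged;
}
// Scan as of a fixed (constructed) time so the result is reproducible.
const scanTime = new Date("2026-06-10T12:00:00.000Z");
console.log(findFreshDependencies(lockfile, registry, scanTime));
```

Wire the returned list into CI as a failing check, or lower the window per package once a release has been reviewed; the point is that a freshly published version is held back until it has aged past the cooldown.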