
Published: June 02, 2026, 00:08 UTC
Attackers compromised official Red Hat NPM accounts on June 1 and pushed malicious versions of more than 30 packages under the @redhat-cloud-services namespace, distributing a self-replicating worm designed to steal cloud credentials and spread to connected systems.
A trusted namespace turned weapon
The @redhat-cloud-services scope on the NPM registry is a legitimate channel reserved for official Red Hat packages. It is widely trusted by developers who rely on Red Hat’s cloud tooling — precisely the audience the attackers targeted. Security firm Aikido detected the breach on June 1 and reported that 96 individual versions across 32 packages had been compromised, with a combined download count of approximately 117,000 per week.
The attack was active at the time of disclosure, though most compromised packages were taken down within hours.
Miasma: a worm that turns victims into vectors
The malicious payload, dubbed “Miasma” by researchers (and identified as a variant of the Shai-Hulud worm family previously seen in GitHub Actions attacks), executes during the npm install process — before a developer imports or uses the package in production. This means any CI/CD pipeline that ran npm install on an affected project during the window of compromise was exposed.
Security firm Socket analyzed the malware and found it designed to harvest a broad set of credentials: GitHub Action secrets, NPM tokens, Kubernetes secrets, HashiCorp Vault material, and credentials for AWS, Azure, and GCP. The worm then self-replicates by using the stolen credentials to publish backdoored versions of packages to other accounts the infected machine has access to — spreading the infection laterally.
“The payload executes during npm install, before application code imports or uses the package, so exposure depends on installation or CI execution, not runtime use,” Socket researchers wrote.
Supply chain attacks keep finding new entry points
This incident follows a pattern that has become distressingly familiar in open-source security. The 2024 compromise of the xz utility, the 2023 breach of PyTorch’s GitHub Actions, and countless NPM typosquatting campaigns have each highlighted how attackers exploit the trust embedded in package registries.
What distinguishes Miasma is its credential-stealing worm behavior. Rather than simply dropping a payload on the victim machine, it actively propagates — using each compromised installation as a launch point to reach further into the supply chain. The self-replicating design means the blast radius extends well beyond the initial 32 packages.
It remains unclear how the attackers gained access to the @redhat-cloud-services credentials. “It almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack,” Ars Technica’s Dan Goodin reported, citing researcher findings.
What affected teams should do
Socket recommended that any organization that installed affected @redhat-cloud-services packages treat those systems as potentially compromised. Immediate steps include rotating all credentials the infected machine had access to, auditing NPM tokens and GitHub Action secrets, and checking for unauthorized package publications from associated accounts.
The incident also raises a structural question the open-source ecosystem has yet to answer: when a trusted namespace as central as Red Hat’s can be weaponized, and a single stolen credential can ripple into 117,000 weekly downloads, the current trust model for package registries is no longer adequate. NPM, PyPI, and other registries have added 2FA requirements and namespace verification, but Miasma demonstrates that credential theft alone is still enough to bypass those safeguards.
Sources: Ars Technica (June 2, 2026); Aikido Security (June 1, 2026); BleepingComputer (June 2, 2026); JFrog Research (June 1, 2026)

