Tag: credential theft

A sophisticated supply chain attack that compromised Red Hat’s JavaScript clients repository and injected credential-stealing malware into 32 npm packages has exposed how deeply attackers have penetrated the trusted-publishing mechanisms that underpin modern cloud-native development. The campaign, tracked by Microsoft Threat Intelligence as “Miasma,” leveraged a hijacked GitHub Actions OIDC workflow to publish trojanized packages…