ShellCodeX Intelligence Brief
HIGH Cybersecurity

Miasma supply-chain malware abuses npm and GitHub Actions workflows

Source headline: Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Threat level: High
Signal strength: 78/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

A malware campaign associated with the Miasma and Hades family is targeting software supply chains. Threat activity has involved malicious releases in npm packages used by the JavaScript ecosystem. The same campaign has expanded toward the Go ecosystem as it propagates. Researchers also observed abuse of GitHub Actions workflows as part of the compromise chain. Developers should review dependency integrity, monitor CI workflow changes, and rebuild from trusted sources.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#supply-chain #malware #npm #ci-cd #dependency-security #github-actions
Original reporting: The Hacker News, "Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack"