CyberSecurity News
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
AI summary
Cybersecurity researchers have identified a new evolution of a supply chain attack linked to a malware family that has compromised additional npm packages. The latest malicious activity involves tainted npm releases of the LeoPlatform and RStreams packages. The attack has also spread to the Go ecosystem. Furthermore, the malware has been abusing GitHub Actions workflows. This development is part of a larger campaign associated with the Mini Shai-Hulud, Miasma, and Hades malware family. The attack continues to expand its reach across different platforms.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.