New Blog: Mini Shai-Hulud "Miasma" Hits @redhat-cloud-services: 32 Packages at Risk

•

1 Jun 2026

T1078

Valid Accounts

Uses stolen GitHub credentials of the compromised owner (ocrybit) and the asteroiddao npm account to publish packages and poison repos.

discovered 2026-06-03

View on MITRE ATT&CK ↗

Seen in packages

npmweavedb-sdkuses

Campaigns

IronWormattributed-to