🟠 High | Source: The Hacker News
A malware family known as Miasma (also linked to Mini Shai-Hulud and Hades) has expanded its supply chain attack campaign to compromise npm packages belonging to LeoPlatform and RStreams, abuse GitHub Actions workflows, and spread into the Go ecosystem. This represents an ongoing, evolving threat targeting developer toolchains and CI/CD pipelines. The broad reach across multiple package registries and automation platforms significantly increases the potential blast radius for downstream organisations.
Security Architect’s Take: Audit your CI/CD pipelines now for recently updated or loosely version-constrained dependencies on the affected LeoPlatform and RStreams npm packages, and review GitHub Actions workflow files for third-party action references or modifications you did not make; if you consume Go modules, diff go.sum against the last known-good commit as well. Pin third-party actions to full commit SHAs rather than mutable tags or branches, install npm dependencies only from a committed lockfile (npm ci) so a newly published release cannot slip in through version drift, run software composition analysis (SCA) tooling that detects malicious packages rather than only known CVEs, and restrict the GITHUB_TOKEN with a least-privilege permissions block, using OIDC federation to narrowly scoped cloud roles instead of long-lived secrets stored in the repository.
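A quick check for the workflow part of that audit, written for this summary rather than taken from the article or from any of the projects it names: it walks a workflow file's uses: lines, flags anything not pinned to a full 40-character commit SHA (or, for docker:// references, an image digest), and reports whether a permissions block is present. Both workflow texts are constructed samples, and the SHA and digest values in them are placeholders, not real commits or images.

```python
"""Flag unpinned third-party actions and missing permission scopes in a
GitHub Actions workflow. Added example, not code from the article or from
any of the projects it names. The workflow texts, the 40-hex SHA and the
sha256 digest below are constructed placeholders, not real commits or images."""
import re
from typing import Dict, List

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: ref", "- uses: ref" and quoted refs; stops before a trailing comment.
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# Top-level (column 0) or job-level (column 4) permissions key.
PERMISSIONS_LINE = re.compile(r"^\s{0,4}permissions:")


def classify_uses(ref: str) -> str:
    """Return 'ok' for an immutably pinned reference, otherwise the reason it is not."""
    if ref.startswith("./"):
        return "ok"  # repo-local action; it changes only when the repo itself changes
    if ref.startswith("docker://"):
        return "ok" if "@sha256:" in ref else "container image not pinned by digest"
    if "@" not in ref:
        return "no ref given, resolves to the default branch"
    _, tag = ref.rsplit("@", 1)
    if FULL_SHA.match(tag):
        return "ok"
    return f"mutable ref '{tag}' (a tag or branch can be repointed at new code)"


def audit_workflow(text: str) -> Dict[str, object]:
    """Scan one workflow file; return unpinned uses: findings and whether permissions are set."""
    unpinned: List[str] = []
    lines = text.splitlines()
    for lineno, line in enumerate(lines, 1):
        m = USES_LINE.match(line)
        if m and (verdict := classify_uses(m.group(1))) != "ok":
            unpinned.append(f"line {lineno}: {m.group(1)}: {verdict}")
    has_permissions = any(PERMISSIONS_LINE.match(line) for line in lines)
    return {"unpinned": unpinned, "has_permissions": has_permissions}


# Constructed "before" workflow: mutable tags, an unpinned image, no permissions block.
WEAK_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4, placeholder SHA
      - uses: example-org/lint-action@main
      - uses: ./.github/actions/build
      - uses: docker://alpine:3.19
      - run: npm ci
"""

# Constructed "after" workflow: SHA-pinned action, digest-pinned image, read-only token.
HARDENED_WORKFLOW = """\
name: ci
on: [push, pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4, placeholder SHA
      - uses: docker://alpine@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
      - run: npm ci
"""

if __name__ == "__main__":
    for name, workflow in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        result = audit_workflow(workflow)
        print(f"{name}: permissions block present = {result['has_permissions']}")
        for finding in result["unpinned"]:
            print(f"  {finding}")
```

Run against the weak sample it reports the checkout tag, the lint-action branch and the undigested image, plus the missing permissions block; the hardened sample comes back clean. A repo-local ./ action is deliberately not flagged, since it only changes when the repository itself does, which the rest of the audit already covers.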
Original advisory: Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack