The Shai Hulud Supply Chain Worm Has a Sequel Called ‘Miasma’ and It Just Compromised 32 Official Red Hat npm Packages — Your Dependency Tree Now Has a Franchise Problem

🤚 The Open-Palm Infection Report

Remember Shai Hulud? The supply chain worm that compromised hundreds of signed npm and PyPI packages back in May and made your cryptographic verification verify the malware? It’s back, and this time it brought friends.

On June 1, 2026, researchers at Wiz identified a supply chain compromise affecting 32 packages published under Red Hat’s official @redhat-cloud-services npm namespace. The payload — a credential-stealing worm dubbed “Miasma: The Spreading Blight” — is a direct descendant of the Mini Shai Hulud malware family, previously linked to threat actor group TeamPCP.

The key details:

  • 32 packages compromised across 96 malicious versions
  • 116,991 weekly downloads across affected packages
  • Root cause: A compromised Red Hat employee’s GitHub account
  • Method: Malicious orphan commits pushed to RedHatInsights repositories, bypassing code review
  • Payload: Credential-stealing worm targeting GitHub tokens, SSH keys, cloud credentials, and CI/CD secrets
  • New collectors for GCP and Azure identities, indicating the attackers are now going after cloud access itself

👐 The Two-Handed Déjà Vu

If this feels familiar, that’s because it is. When we covered the original Shai Hulud attack in May, we noted that it pushed 5,718 malicious commits across 5,561 GitHub repos in six hours. Two OpenAI employee devices were caught in the blast radius. The security community responded with the usual cycle of alarm, patches, and solemn promises to rotate credentials.

And now, three weeks later, the same malware family — which was open-sourced by its own creators — has wormed its way into Red Hat’s official package namespace. Not some random npm user called definitely-not-malware-2026. Red Hat. The company whose entire brand identity is built on enterprise trust and the color of things that are on fire.

The attack vector is almost insultingly elegant. A single compromised developer account was used to push orphan commits (commits with no parent, disconnected from the main branch history) directly into RedHatInsights repositories. Those commits added a preinstall script to each package’s package.json. npm runs that script automatically, with the installing user’s privileges and environment, on every npm install that pulls the package in, which is how a malicious index.js ended up executing on consumer machines. No code review. No CI/CD gate. Just a direct injection into the trusted namespace that your dependency tree treats like scripture.

The preinstall hook is, and I cannot stress this enough, the most predictable supply chain attack vector in the npm ecosystem. It runs by default, it runs before anyone has looked at the code, and it has featured in most of the major npm supply chain compromises on record. It’s the “someone left the front door open” of software security. And yet here we are, in the year 2026, watching it work against Red Hat.
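
To make the mechanism concrete, here is an added example (not code from the incident or from Red Hat) that does the check a defender would want after reading the above: walk the package.json manifests in an installed tree and flag every package that declares an install-time lifecycle script. The manifests and package names below are constructed for the demo; a real run would build the map by walking node_modules.

```javascript
// Added example: flag npm packages whose package.json declares install-time
// lifecycle scripts. The manifests below are constructed for the demo and
// the package names are hypothetical, not the real compromised packages.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Return the install-time hooks a manifest declares, with their commands.
// A missing "scripts" object is treated as "no hooks", not as an error.
function findInstallHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Scan a map of package path -> parsed package.json (what you would build by
// walking node_modules) and return only the packages that run code at
// install time, with the exact commands they would run.
function scanManifests(manifests) {
  const findings = [];
  for (const [path, manifest] of Object.entries(manifests)) {
    const hooks = findInstallHooks(manifest);
    if (hooks.length > 0) {
      findings.push({ path, name: manifest.name, version: manifest.version, hooks });
    }
  }
  return findings;
}

// Render findings as one line per hook, suitable for a CI log.
function report(findings) {
  const lines = [];
  for (const f of findings) {
    for (const { hook, command } of f.hooks) {
      lines.push(`${f.name}@${f.version} (${f.path}) ${hook}: ${command}`);
    }
  }
  return lines;
}

// Constructed sample tree: one clean package and one with a preinstall hook
// of the shape described in the text (hypothetical names).
const SAMPLE_TREE = {
  "node_modules/@example/clean-lib": {
    name: "@example/clean-lib",
    version: "1.0.0",
    scripts: { test: "node test.js", build: "tsc" },
  },
  "node_modules/@example/suspicious-lib": {
    name: "@example/suspicious-lib",
    version: "2.3.1",
    scripts: { preinstall: "node index.js", test: "jest" },
  },
};

for (const line of report(scanManifests(SAMPLE_TREE))) {
  console.log(line);
}
```

Anything this flags deserves a look before the next install, and `npm install --ignore-scripts` (or `ignore-scripts=true` in .npmrc) stops npm from running these hooks at all, at the cost of breaking the small number of packages that legitimately need them.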

🌿 The Gentle Awakening

What makes Miasma genuinely worrying — beyond the immediate credential theft — is the evolution of the payload. Previous versions of the Shai Hulud family focused on extracting secrets: API keys, tokens, the usual buffet of developer credentials that live in environment variables and ~/.ssh directories.

This variant added dedicated collectors for GCP and Azure identities. Not just the secrets stored on your machine, but the cloud identities your machine is allowed to act as. The distinction matters. A stolen static token is useful until you rotate it. A stolen identity lets an attacker assume roles, escalate privileges, and move laterally through cloud infrastructure while looking like one of your own workloads doing its job, which is why it might not trigger your SIEM until the invoice arrives.

The Shai Hulud franchise is rapidly becoming the Fast and Furious of supply chain malware: each installment is bigger, louder, and somehow involves more vehicles. Shai Hulud Prime hit random repos. Mini Shai Hulud targeted specific developer tools. Miasma went straight for a Fortune 500 company’s official package namespace. At this rate, the next variant will have its own booth at KubeCon.

👑 The Gold-Leaf Remediation

If your organization uses any packages from the @redhat-cloud-services namespace, the recommended actions are straightforward and deeply unpleasant:

  • Audit your lockfiles for any of the 96 compromised versions
  • Assume credential exposure — rotate GitHub tokens, SSH keys, cloud credentials, and CI/CD secrets
  • Check GCP and Azure audit logs for unauthorized identity assumption
  • Pin your dependencies, commit the lockfile, install with --ignore-scripts wherever your build can tolerate it, and stop treating npm install like a trust exercise
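
The first item on that list is the one people skip because it sounds tedious, so here is an added example (not a tool from the advisory or from Red Hat) that does the lockfile audit: walk a package-lock.json, in either the nested lockfileVersion 1 layout or the flat "packages" map of versions 2 and 3, and report every entry that matches a known-bad package@version pair. The page does not list the 96 affected versions, so the IOC set and both lockfiles below are constructed with hypothetical names; substitute the published list.

```javascript
// Added example: audit an npm lockfile against known-bad package@version
// pairs. The IOC set and the lockfiles below are constructed for the demo
// with hypothetical package names; replace COMPROMISED with the real list.
const COMPROMISED = new Set([
  "@example/insights-client@4.2.1",
  "@example/insights-client@4.2.2",
  "@example/frontend-utils@9.0.0",
]);

// Derive the package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar".
function nameFromPath(path) {
  const parts = path.split("node_modules/");
  return parts[parts.length - 1];
}

// Walk the nested lockfileVersion 1 "dependencies" tree, recording the
// chain of parents so a hit can be traced to what pulled it in.
function* walkV1(deps, trail) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const where = [...trail, name];
    yield { name, version: entry.version, where: where.join(" > ") };
    yield* walkV1(entry.dependencies, where);
  }
}

// Yield every {name, version, where} in a parsed package-lock.json.
// v2/v3 have a flat "packages" map keyed by path; v1 nests "dependencies".
function* walkLockfile(lock) {
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project, not a dependency
      yield { name: entry.name || nameFromPath(path), version: entry.version, where: path };
    }
  } else {
    yield* walkV1(lock.dependencies, []);
  }
}

// Return every lockfile entry whose name@version is on the compromised list.
function auditLockfile(lockJson, compromised = COMPROMISED) {
  const lock = JSON.parse(lockJson);
  const hits = [];
  for (const pkg of walkLockfile(lock)) {
    if (compromised.has(`${pkg.name}@${pkg.version}`)) hits.push(pkg);
  }
  return hits;
}

// Constructed v3 lockfile: one compromised version, one safe version of
// another listed package, one unrelated package.
const SAMPLE_LOCK_V3 = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/@example/insights-client": { version: "4.2.2" },
    "node_modules/@example/frontend-utils": { version: "8.9.9" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
});

// Constructed v1 lockfile: the bad version arrives transitively.
const SAMPLE_LOCK_V1 = JSON.stringify({
  name: "legacy-app",
  lockfileVersion: 1,
  dependencies: {
    "some-wrapper": {
      version: "2.0.0",
      dependencies: { "@example/frontend-utils": { version: "9.0.0" } },
    },
  },
});

for (const lockJson of [SAMPLE_LOCK_V3, SAMPLE_LOCK_V1]) {
  for (const hit of auditLockfile(lockJson)) {
    console.log(`COMPROMISED ${hit.name}@${hit.version} via ${hit.where}`);
  }
}
```

In practice you would pass the contents of your own package-lock.json to auditLockfile and run it in CI so a bad version fails the build rather than getting installed. A clean result only says the lockfile is clean; the credential rotation in the next bullet still applies if any build ran an affected version.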

The broader lesson is one the industry keeps learning and immediately forgetting: your supply chain is exactly as secure as the least-rotated credential of the least-security-conscious developer with push access to a package you depend on. That sentence is long because the attack surface is long. That’s the point.

Red Hat has not yet publicly commented on the full scope of the compromise. The affected packages have been pulled. The orphan commits have been reverted. The credentials that should have been rotated three weeks ago when the first Shai Hulud variant made headlines are now, presumably, being rotated under slightly more urgent circumstances.

“The npm install said ‘preinstall’ and the preinstall said ‘thank you for your credentials.’ We’ve been through this before. We’ll be through this again. The worm has a franchise deal.” — The Slap of Wisdom Supply Chain Forensics Unit, currently auditing its own lockfile for the third time this month