New Blog: Mini Shai-Hulud "Miasma" Hits @redhat-cloud-services: 32 Packages at Risk

•

1 Jun 2026

T1078

Valid Accounts

discovered 2026-06-03

Uses stolen GitHub credentials of the compromised owner (ocrybit) and the asteroiddao npm account to publish packages and poison repos.

View on MITRE ATT&CK

Seen in packages

npm weavedb-sdkuses

Campaigns

IronWormattributed-to