Supply ChainJun 2, 2026
An update to our Threat Brief on npm supply chain attacks discusses the latest compromise, pushin...
npm supply chain attack deploys Miasma payload linked to TeamPCP threat actor
Summary
A new npm supply chain compromise has been identified distributing a malware payload named Miasma. The attack's tradecraft closely matches the Mini Shai-Hulud malware previously attributed to the TeamPCP threat actor, suggesting continued targeting of the npm ecosystem.
Indicators of Compromise
- malware — Miasma
- malware — Mini Shai-Hulud
Entities
npm (technology)TeamPCP (threat_actor)Miasma (campaign)