[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:miasma-malware-targets-npm-packages-and-github-actions-in-supply-chain-attack-mqvf7k0r":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":15,"article_ids":16,"ioc_summary":18,"source_urls":19,"status":21,"expires_at":22,"created_at":23,"updated_at":24,"articles":25},"0d5fcaf7-b475-4dbe-8e27-ab7ce1086278","Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack","miasma-malware-targets-npm-packages-and-github-actions-in-supply-chain-attack-mqvf7k0r","Miasma malware is actively compromising npm packages and GitHub Actions workflows to steal developer credentials and secrets. Developers using affected packages or GitHub Actions are at immediate risk of credential theft and account takeover. This supply chain attack can cascade across organizations through compromised dependencies and CI\u002FCD pipelines.","critical","advisory",[],[13,14],"npm","Go","Audit all npm package dependencies and GitHub Actions in your CI\u002FCD pipelines for suspicious updates or modifications from the last 30 days. Rotate all developer credentials, GitHub tokens, and secrets that may have been exposed through build environments. Block execution of unsigned or unverified GitHub Actions workflows.",[17],"8af6e6af-781c-407a-936e-18d85cfab5cc",null,[20],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fmiasma-malware-targets-npm-packages-and.html","active","2026-06-28T21:05:42.011+00:00","2026-06-26T21:05:49.148013+00:00","2026-06-26T21:07:58.946405+00:00",[26],{"id":17,"title":6,"url":20}]