Infected Red Hat npm packages expose developer credentials

Over 30 Red Hat npm packages (pre-built code libraries) were infected with malware called Miasma, which automatically runs during package installation to steal developer credentials, authentication tokens, and cloud access information. This is a supply chain attack (an attack targeting software dependencies that many organizations trust) using a self-propagating worm based on the Shai-Hulud malware family. The malware was designed to spread further by stealing publishing credentials that could give attackers access to additional repositories and developer accounts.