An active attack is planting backdoors inside Claude Code right now. If you use npm, your credentials may already be compromised.
A sophisticated malware campaign, dubbed Miasma by Microsoft, has targeted developers by compromising 32 npm packages under the `@redhat-cloud-services` umbrella. This attack plants backdoors in developer tools like Claude Code and VS Code, silently exfiltrating credentials for cloud services, code repositories, and more. The malware is designed to persist even after package uninstallation and can wipe user directories if access is revoked, making it a significant threat to software supply chain security. AI
IMPACT This sophisticated supply chain attack highlights critical vulnerabilities in developer tools and platforms, potentially impacting the security of AI development and deployment.