A sophisticated malware campaign, dubbed Miasma by Microsoft, has targeted developers by compromising 32 npm packages under the `@redhat-cloud-services` umbrella. This attack plants backdoors in developer tools like Claude Code and VS Code, silently exfiltrating credentials for cloud services, code repositories, and more. The malware is designed to persist even after package uninstallation and can wipe user directories if access is revoked, making it a significant threat to software supply chain security. AI
IMPACT This sophisticated supply chain attack highlights critical vulnerabilities in developer tools and platforms, potentially impacting the security of AI development and deployment.
RANK_REASON This cluster details a significant software supply chain attack impacting multiple organizations and developer tools, with implications for security. [lever_c_demoted from significant: ic=1 ai=0.7]
- Claude Code
- Eli Lilly
- European Commission
- GitHub
- Miasma
- Microsoft
- Mistral AI
- OpenAI
- Red Hat
- @redhat-cloud-services
- TeamPCP
- VS Code
AI-generated summary · Google Gemini · from 1 sources. How we write summaries →