SlowMist: Red Hat cloud service packages suffer npm supply chain attack, affecting over 300 GitHub repositories.

CoinFeed reported on June 2nd that SlowMist has detected an active npm supply chain attack targeting Red Hat cloud service packages. The report shows that over 31 packages are affected, with approximately 116,000 downloads per week, and over 300 GitHub repositories contain stolen credentials. The attack techniques are highly similar to previous Shai-Hulud npm attacks, including credential collection, malicious repository creation, and automated key leakage. Searching GitHub using the tag "Miasma: The Spreading Blight" and sorting by recent updates still reveals newly appearing suspicious repositories, indicating that users are still being compromised.