Tenable Blog

What the Miasma campaign reveals about the new supply chain threat model and the underground market for developer credentials (opens in new tab)

Covers 3 stories See all stories this covers including The npm Threat Landscape: Attack Surface and Mitigations

A stolen session cookie sat in underground markets for seven weeks before attackers used it to poison 32 Red Hat packages in the npm software registry, an example of the industrial approach behind modern supply chain attacks.Key takeawaysMiasma is a self-propagating npm worm derived from that TeamPCP open-sourced on May 12. The public release of the full weaponized toolchain means any operator can now replicate structurally identical supply chain campaigns.The Miasma campaign compromised 89-p...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help