Security Solutions Team

CISO Daily Digest: Miasma Supply Chain Attack Compromises Red Hat npm (20260602)

Key cybersecurity events and threats as of June 02, 2026

CISO Daily Digest Cybersecurity Threat Intelligence

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

A sophisticated supply chain attack dubbed 'Miasma' has compromised official Red Hat npm packages, deploying a self-propagating worm designed to steal credentials and cloud tokens. The attack, attributed to the Shai-Hulud threat group, injected malicious code into legitimate packages distributed through Red Hat's infrastructure. The worm autonomously spreads across systems, harvesting GitHub tokens, cloud provider credentials, and environment variables. This incident underscores the growing risk of software supply chain attacks targeting open-source ecosystems.

🔗 Reference: Combined reports (The Hacker News, Xakep)

Active Threats This Week

📌 Windows Netlogon RCE Vulnerability Actively Exploited

A remote code execution vulnerability in the Windows Netlogon service is being actively exploited in the wild. The flaw allows attackers to execute arbitrary code on Domain Controllers, potentially compromising entire network domains.

🔗 Reference: iThome | Xakep

📌 Hackers Used Meta's AI Support Bot to Seize Instagram Accounts

Threat actors exploited Meta's AI-powered support chatbot to social-engineer customer service representatives into handing over control of high-value Instagram accounts, including those of celebrities and businesses.

🔗 Reference: Krebs on Security | Xakep

📌 Operation Dragon Weave: China-Linked Hackers Target Czech Republic and Taiwan

A cyber espionage campaign dubbed 'Operation Dragon Weave' attributed to Chinese state-sponsored hackers has been targeting government entities in the Czech Republic and Taiwan, conducting intelligence-gathering operations ahead of diplomatic visits.

🔗 Reference: iThome

📌 Python Marimo Data Tool Vulnerability Actively Targeted by AI Agents

A critical vulnerability in the Python data analysis tool Marimo continues to be actively targeted, with hackers using AI agents to penetrate internal databases through the flaw.

🔗 Reference: iThome

📌 Carnival Cruise Data Breach: 6 Million Customers' Data Stolen

Hackers have stolen the personal data of approximately 6 million Carnival Cruise customers, in one of the largest hospitality sector data breaches in recent memory.

🔗 Reference: Xakep

📌 VoidStealer Malware Bypasses Chrome Security to Steal Credentials

A new malware strain called VoidStealer can bypass Chrome's built-in security mechanisms to steal cookies, saved passwords, and account information from the browser.

🔗 Reference: iThome

📌 Samba Patches Critical Vulnerabilities in Printing and Authentication

Samba has released patches for critical vulnerabilities in its printing and authentication functionality that could allow attackers to execute arbitrary code on unpatched systems.

🔗 Reference: iThome

📌 Pakistan-Linked SideCopy Targets Afghanistan Ministry with Xeno RAT

The Pakistan-linked threat group SideCopy has been targeting the Afghanistan Ministry of Finance using Xeno RAT, a remote access trojan designed for espionage and data theft.

🔗 Reference: The Hacker News