Threat actors compromised a Red Hat employee’s GitHub account and used GitHub OIDC trusted publishing to inject credential-stealing malware (Miasma) into 32 packages across the official ‘@redhat-cloud-services’ npm namespace, covering 96 versions and approximately 117,000 weekly downloads. Any build environment that installed affected packages must be treated as compromised, with immediate credential rotation required across all cloud providers and CI/CD systems. No patched replacement packages exist; affected packages must be removed and namespaces blocked at the registry proxy level.