Miasma v3 Hit 4 AsyncAPI Packages — Did NPM's Defenses Work, or Just Get Dodged?
Blog post from Semgrep
In a sophisticated cyberattack on July 14, 2026, an attacker gained access to the asyncapi/generator repository, pushing a single malicious commit that triggered the project's GitHub Actions workflow, leading to the release of tampered packages on npm with valid provenance attestations. The malicious code, hidden through obfuscation and padding, activates upon module use, not installation, indicating that npm's security measures are influencing attacker strategies. The attack utilized a Remote Access Trojan (RAT) named "Miasma v3," capable of credential harvesting, lateral movement, and AI coding-assistant poisoning, while employing multiple command-and-control channels for resilience. Despite the attack's complexity, the authors deliberately disabled npm propagation to avoid detection, underscoring the increased professionalism and evolving tactics in cyber threats. This incident highlights the importance of continuous vigilance and adaptation in security practices, as enhanced security measures like script blocking, while effective, are not foolproof solutions.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.