IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

npm supply chain attacks compromised over 100 packages via IronWorm and Miasma worm variants.

• •IronWorm uses eBPF rootkit to hide processes and steal developer credentials
• •Targets AI assistants (Claude, OpenAI, Gemini), cloud platforms (AWS, Azure, Kubernetes)
• •Abuses GitHub Actions and npm Trusted Publishing for self-propagation
• •Miasma uses 'Phantom Gyp' binding.gyp to bypass install script security
• •Both inject backdoors into AI IDEs and steal CI/CD credentials

This summary was automatically generated by AI based on the original article and may not be fully accurate.