The Namespace Was the Credential
Three independent threat actors operating simultaneously on npm this week confirm that adversaries have collectively assessed its namespace trust model as a high-yield, structurally undefended attack surface.
GitHub OIDC trusted publishing solved the stored-credential problem and, in the same motion, opened a new attack surface: three independent actors exploited it in a single week, producing malicious packages that carry valid provenance attestations.
The Mini Shai-Hulud worm now operates inside Red Hat's official npm namespace, proving that vendor-maintained packages are viable supply chain targets; simultaneously, the first confirmed AI-assisted ransomware toolchain documents a qualitative shift in what moderately skilled operators can build.