Threat Intelligence Report

Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

📅 June 5, 2026 📰 www.stepsecurity.io 🔍 0 CVE(s) referenced

A novel, self-spreading npm supply chain worm dubbed "Miasma" exploits binding.gyp to silently execute malicious code during package installation, bypassing traditional security checks and rapidly compromising developer credentials, CI/CD secrets, and AI coding assistant configs across multiple ecosystems.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle