Dossier
Microsoft Threat Intelligence
Coverage of Microsoft Threat Intelligence in the Nexus archive.
- Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
The Miasma malware campaign has poisoned over 20 npm packages in the Leo Platform and RStreams ecosystems, targeting developer credentials and CI environments. The attack, executed in under three seconds by compromising an npm maintainer account, steals secrets from cloud providers, GitHub, and other platforms, and republishes packages to propagate further.
- Hackers Insert Malware Into Mistral AI Software Download
Hackers have inserted malware into a Mistral AI software download, which was distributed through a Python package. The malicious code was discovered by Microsoft Threat Intelligence. This incident poses a security risk to users who downloaded the compromised software.