The Intake — Wednesday, June 3, 2026

On the substrate

A supply chain worm variant bypassed Red Hat's npm provenance attestations and targeted your cloud credentials and Claude Code settings

Wiz Research | Socket Research Team | The Register

If you've been treating npm provenance attestations as a meaningful signal of package safety, the Miasma incident names the gap. On June 1, 2026, an attacker compromised a Red Hat employee's GitHub account. They pushed commits that triggered OIDC-based GitHub Actions publishing workflows, which produced malicious package versions with valid provenance attestations — attestations the toolchain accepted as legitimate.

At least 32 package releases under the @redhat-cloud-services namespace were affected. Socket Research counted 95 infected versions by midday June 1. The combined weekly download count for the affected packages is approximately 80,000.

The malicious versions run their payload from a preinstall hook, which fires during npm install, before any import happens and before your code ever runs. The payload targeted GitHub tokens, npm tokens, AWS, Azure, and GCP cloud credentials, SSH keys, Kubernetes configuration, Docker authentication, and Claude Code settings files. The Miasma variant expands on prior Shai-Hulud behavior. Prior variants targeted only secrets already present in cloud environments; Miasma targets all cloud identities reachable from the infected machine.

The payload generation is the part that complicates detection. Each infected package version carries a unique AES-encrypted payload. Hash-based detection — matching a known-bad hash — doesn't work when every version produces a different binary signature. Red Hat confirmed awareness, removed the affected packages, and stated the infected releases were limited to internal development with no identified impact to customer or partner environments.

If you ran npm install on any @redhat-cloud-services packages between June 1 and the packages' removal, your machine's reachable cloud credentials and Claude Code settings are the scope of what may have been exfiltrated.

Anthropic expands Project Glasswing to 200 organizations and releases a public product for infrastructure maintainers

Anthropic | The Register

Glasswing is Anthropic's program for giving partner organizations early access to frontier models for vulnerability discovery in critical infrastructure codebases. On June 2, Anthropic expanded the program from approximately 50 initial partners to approximately 200, adding roughly 150 organizations across more than 15 countries. New partners include Rubrik, the Korea Internet and Security Agency (KISA), Samsung Electronics, SK hynix, and SK Telecom.

The expansion targets sectors underrepresented in the initial cohort: power, water, healthcare, communications, and hardware. The emphasis is on vendors and open-source maintainers whose codebases underpin many other systems. Anthropic states that for most partners a major attack could affect more than 100 million people. That framing is Anthropic's own characterization of partner selection criteria.

Anthropic says the initial 50 Glasswing partners collectively found more than 10,000 security flaws since April; most are rated high or critical severity. Anthropic released Claude Security alongside the expansion. It uses the company's public frontier models for codebase scanning. Anthropic says it is releasing, on request, the tooling developed to help Glasswing partners find vulnerabilities more quickly.

If you're an open-source maintainer or work on infrastructure software and want Claude-assisted scanning, Claude Security is now a named path — though the Glasswing partner track itself remains invite-based.

For operators

If you ran any @redhat-cloud-services npm packages on June 1, treat your developer credentials as potentially compromised

Wiz Research | Socket Research Team

The Miasma payload executes at install time, not at runtime. If your build environment or a developer's machine ran npm install against any @redhat-cloud-services package on June 1 — even a dependency you didn't call directly — the preinstall hook had the opportunity to run. Red Hat has since removed the affected releases, but removal after the fact does not affect installs that already occurred.

The payload targeted GitHub tokens, cloud credentials across AWS, Azure, and GCP, SSH keys, and Claude Code settings files. There are two checks to run: whether any credential in those classes is still in the form it was in on the day of potential exposure, and whether the packages appear in your install logs for that date window.