A new Shai-Hulud 'Miasma' variant backdoored 32 Red Hat npm packages via GitHub Actions OIDC abuse. github.dev shipped a 1-click webview bug that exfiltrates GitHub OAuth tokens with a single click. A forgotten debug flag in six Microsoft 365 Android apps let any Android app request FOCI tokens — billions of installs exposed.

Red Hat npm Backdoor , 1-Click GitHub Theft , MS Android Tok

The June 3 TLDR Information Security digest was a rough day for the supply chain: a new "Miasma" variant of Shai-Hulud backdoored 32 Red Hat npm packages, a 1-click GitHub token-theft bug shipped in github.dev, and one debug flag in six Microsoft 365 Android apps put billions of downloads at risk.

What You Need to Know: A new Shai-Hulud variant dubbed "Miasma" compromised 32 packages and 96 versions under Red Hat's @redhat-cloud-services npm namespace (~117,000 weekly downloads), abusing a GitHub Actions OIDC token via npm's trusted publishing endpoint. Researcher Ammar Askar disclosed a 1-click VSCode/github.dev webview flaw that lets a malicious link exfiltrate GitHub OAuth tokens. SecurityWeek reported that a forgotten debug flag in six Microsoft 365 Android apps (Word, Excel, PowerPoint, Copilot, Loop, OneNote) let any Android app request and receive Microsoft account FOCI access tokens.

Why It Matters

Shai-Hulud "Miasma" is the third major npm supply-chain compromise in six months and the first to weaponize npm's trusted publishing endpoint (the same feature designed to make publishing safer). If you're running npm install in CI, your "trusted publishing" check is now the attack surface.
The github.dev 1-click is a CVE-class bug hiding in plain sight. A single-click link can exfiltrate a user's full GitHub OAuth token (and therefore every private repo they can reach). Patch is gated on VSCode rolling out the fix across all webview entry points.
One debug flag = 15 lines of code = billions of Android installs. The Microsoft 365 FOCI token story is the textbook case for "did you turn off the debug build in production?" — and the answer for at least one shipped app was no, for some period of months.
The pattern across all three: an OAuth/token trust model that was safe in 2018 is unsafe in 2026 because the blast radius of a single compromised token now spans private repos, cloud accounts, and FOCI-copied enterprise sessions.

What Actually Happened

Shai-Hulud "Miasma" backdoors 32 Red Hat npm packages

A new variant of the Shai-Hulud worm, tracked as "Miasma," backdoored 32 packages and 96 versions under Red Hat's @redhat-cloud-services npm namespace, totaling approximately 117,000 weekly downloads. Attackers compromised an employee's GitHub account and pushed commits that abused a GitHub Actions OIDC token to publish via npm's trusted publishing endpoint — the same npm feature that was supposed to make supply-chain attacks harder. The packages carried a preinstall hook executing a 4.2 MB obfuscated index.js payload that harvests GitHub Actions secrets, AWS/GCP/Azure credentials, HashiCorp Vault and Kubernetes tokens, npm and PyPI publishing tokens, SSH keys, Docker credentials, GPG keys, and .env files. 309 GitHub repositories were confirmed compromised at the time of disclosure. Red Hat stated the compromise was confined to internal development tooling and never reached customer-facing console.redhat.com systems.

This is the third major npm supply-chain event in six months, following the lottie-player compromise and the Solana web3.js backdoor. The common thread is a maintainer-trust hijack followed by a postinstall-script weaponization, the same shape that xz-utils (CVE-2024-3094) took two years ago. The structural gap: lockfile-vs-CVE scanners answer "is this version known-bad," not "is this version safe." Teams that pin direct dependencies and enforce lockfile-diff review on every PR are the ones sleeping well right now.

Source coverage: BleepingComputer — "Red Hat npm packages compromised to steal developer credentials".

1-click GitHub token theft via a github.dev webview bug

Security researcher Ammar Askar disclosed a 1-click vulnerability in the webview security model of VSCode and github.dev that lets attackers steal sensitive GitHub tokens through a single malicious link. The bug stems from the way keyboard events are bubbled up from isolated iframes to the main window, enabling scripts to simulate unauthorized user input. Those simulated keystrokes bypass publisher trust checks and install malicious extensions designed to exfiltrate private repository data and credentials. github.dev runs a browser-based VSCode that receives a broad OAuth token from github.com — that token can access every repository the user can reach, including private ones. The malicious link can exfiltrate that token with a single user click.

The fix involves VSCode hardening the keyboard event handling between iframes and the main window. Until then, treat github.dev links from untrusted sources the way you'd treat a suspicious executable: don't click, especially if you're logged in to a GitHub account with access to private repos or organization secrets.

Source coverage: Ammar Askar — "1-Click GitHub Token Stealing via a VSCode Bug", TheNextWeb coverage.

One debug flag put billions of Microsoft Android downloads at risk

SecurityWeek published an exclusive on a vulnerability in six Microsoft 365 Android apps — Word, Excel, PowerPoint, Copilot, Loop, and OneNote — that let any other Android app request and receive Microsoft account FOCI access tokens. The root cause was a forgotten debug flag that Microsoft never removed from the production builds. An attacker needed only about 15 lines of code inside a widely installed or updated app to silently steal tokens and reuse or refresh them over time. Stolen FOCI (Family of Client IDs) tokens exposed email, files, documents, communications, and calendars. Microsoft patched the flaws in May and pushed fixes via Patch Tuesday and Google Play, but the exposure window was months, not days.

The FOCI token model is what lets the Microsoft 365 mobile suite share a single login across Word, Excel, PowerPoint, etc. — it's a UX win that became a security liability when the debug gate was left open. The bigger lesson: debug flags that grant token-issuing power in production builds should be considered security-critical, not build-hygiene issues. Static-analysis scans for "is this debug endpoint reachable from a non-debug build" should be in every mobile CI pipeline.

Source coverage: SecurityWeek — "Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk".

The Take

Three stories, one underlying problem: the trust model that made the 2018-era dev tooling ecosystem work — npm trusted publishing, github.dev webviews, debug flags in production builds — is no longer safe in a world where the blast radius of a single compromised token spans entire organizations. Each of these attacks succeeded not because of a novel exploit, but because an old assumption held too long.

For developers: rotate your npm tokens today if you use the @redhat-cloud-services namespace, audit your GitHub Actions OIDC trust, and pin your direct deps. Don't click github.dev links from untrusted sources until the VSCode fix rolls out. For mobile teams: the Microsoft FOCI story is the case study you send to leadership to justify a "no debug flags in production builds" lint rule.

For the broader industry: the fact that this is happening every six weeks now means lockfile-vs-CVE scanning is no longer enough. Defenders need real-time feeds (OSV, npm audit, Sigstore) and a "pause on maintainer shift" policy. The xz, lottie-player, web3.js, and now Miasma attacks all followed the same shape. Predicting the next one is no longer the hard part.

Quick Summary

A new Shai-Hulud "Miasma" variant backdoored 32 Red Hat npm packages via GitHub Actions OIDC abuse and npm trusted publishing. github.dev shipped a 1-click webview bug that exfiltrates GitHub OAuth tokens with a single click. A forgotten debug flag in six Microsoft 365 Android apps let any Android app request FOCI tokens — billions of installs exposed. Three stories, one problem: 2018-era token-trust models are unsafe in 2026.

Sources

Source: TLDR InfoSec (2026-06-03) | mr.technology — The Master Skill Index