Product
Threat actors compromised AsyncAPI npm packages by exploiting a misconfigured GitHub Actions workflow, stealing a privileged bot token, and injecting obfuscated Miasma malware into multiple packages, which then executed at module-load time to establish persistence and command and control, bypassing standard npm installation mitigations.