OSS Funded Open source funding news, grants, sponsorships, and deal flow.
Published June 25, 2026 ยท Added June 30, 2026

Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

Socket Threat Research tracks a Mini Shai-Hulud/Miasma supply-chain wave affecting LeoPlatform and RStreams npm packages, abusing GitHub Actions, expanding to Go modules, stealing developer secrets, and planting hooks for AI coding assistants such as Claude Code, Cursor, and Gemini CLI.

Socket Threat Research tracks a Mini Shai-Hulud/Miasma supply-chain wave affecting LeoPlatform and RStreams npm packages, abusing GitHub Actions, expanding to Go modules, stealing developer secrets, and planting hooks for AI coding assistants such as Claude Code, Cursor, and Gemini CLI.

Read the original story.

Source: Socket