GitHub disables 73 Microsoft repositories after detecting Miasma worm supply chain attack
By
Connor Jones
Summary
GitHub took down over 70 Microsoft repositories in 105 seconds after detecting signs of the Miasma worm, a supply chain attack targeting open source projects. The worm, which shapeshifts to evade detection, focuses on stealing cloud secrets from compromised repos. The incident highlights ongoing vulnerabilities in the open source software supply chain.
Source
Key quotes
· 3 pulledMicrosoft's GitHub has disabled over 70 repositories after they were reportedly compromised by a worm in the latest open source supply chain attack.
The code shack took down 73 repos within the space of 105 seconds after its alarms were tripped on Friday, June 5, after detecting signs of the Miasma worm infecting its projects.
Miasma worm shapeshifts, but cloud secret-scouting remains the goal
You might also wanna read
Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code
The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re
aikido.dev·3mo agoGitHub Actions workflows identified as common weak link in open source supply chain attacks
This article analyzes a series of high-profile open source supply chain security incidents from the past 18 months, tracing them back to Git
Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions
A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act
GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware
GitLab's security researchers have uncovered a large-scale supply chain attack in the npm ecosystem involving a destructive malware variant
GitHub Issue Prompt Injection Leads to 4,000 Developer Machines Compromised via Malicious npm Package
A sophisticated supply chain attack compromised approximately 4,000 developer machines through a GitHub issue title prompt injection. The at
Postmortem: TanStack npm supply-chain compromise via GitHub Actions exploitation
On May 11, 2026, an attacker exploited a chain of vulnerabilities — including the pull_request_target "Pwn Request" pattern, GitHub Actions

Comments
Sign in to join the conversation.
No comments yet. Be the first.