Supply Chain Attack via Malicious Commit Hits 73 Microsoft GitHub Repositories
By Chris Paoli, 06/08/2026
Summary
GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit was discovered in an Azure project, part of a supply chain attack linked to the Miasma worm campaign. The attack targeted developer workstations and AI coding environments across four Microsoft GitHub organizations, including Azure Functions projects.
Key quotes
GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project
The incident... was tied to the Miasma worm campaign and affected repositories across four Microsoft GitHub organizations, including Azure Functions projects
in what researchers described as a supply chain attack aimed at developer workstations and AI coding environments
