Miasma Worm Compromises Microsoft Azure Repositories, GitHub Auto-Disables 73 Packages
Summary
Supply chain attacks continue to plague the software ecosystem, with Microsoft's own open source Azure repositories being automatically disabled by GitHub after the Miasma worm compromised the packages. The infection resulted in 73 Microsoft-related package repositories being flagged and taken offline within about a minute by GitHub's automated security system. Over 40 repositories were related to Azure, with the rest distributed across the Microsoft organization. The center of the infection appears to be the Microsoft Durabletask package, which was previously compromised.
Key quotes
73 Microsoft-related package repositories being flagged and taken offline in a little over a minute by the GitHub automated security system
Over 40 repositories being related to Azure and the rest distributed across the Microsoft organization
The center of the infection appears to be the Microsoft Durabletask package, which was previously compromised
