Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
In what marks the most significant escalation of an ongoing supply chain campaign, the self-replicating Miasma worm compromised 73 Microsoft GitHub repositories on June 5, 2026. The attack targeted four critical organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs, exploiting the trust model of open-source development to harvest credentials from unsuspecting developers.
The Attack Chain: From Commit to Credential Harvest
The intrusion began with a malicious commit pushed to the Azure/durabletask repository using previously compromised contributor credentials. This commit introduced configuration files designed to execute a credential-harvesting payload not when code was run, but simply when a developer opened the repository in AI-assisted coding tools.
The worm specifically targets users of modern development environments including Claude Code, Gemini CLI, Cursor, and VS Code. By hiding inside configuration files read by these tools, the malware bypasses traditional runtime security controls, striking at the moment of developer interaction rather than execution.
Miasma: A Worm That Lives in the Supply Chain
Miasma is a variant of the Mini Shai-Hulud worm, distinguished by its ability to operate within legitimate distribution channels. Unlike traditional malware that relies on social engineering to trick users into downloading fake software, Miasma compromises legitimate accounts and pushes malicious updates that appear indistinguishable from routine maintenance.
Once triggered, the Bun-based worm harvests credentials for a wide array of platforms:
- Cloud Providers: AWS, Azure, Google Cloud Platform (GCP) - Developer Tools: npm, GitHub, Kubernetes - Propagation: Stolen tokens are used to autonomously push the worm to any other repository where the victim has write access, creating a self-sustaining infection loop
The Response: 105 Seconds to Containment
GitHub's automated abuse detection system responded with remarkable speed, disabling all 73 affected repositories within a 105-second window. While this rapid action prevented further propagation, it also caused immediate disruption to CI/CD pipelines relying on affected actions, particularly Azure/functions-action.
The incident underscores a harsh reality: even the most secure organizations are vulnerable when attacker persistence meets the inherent trust of open-source collaboration.
Strategic Implications for DevSecOps
The Miasma attack highlights three critical vulnerabilities in modern software supply chains:
1. The AI Tooling Blind Spot: Security teams have historically focused on runtime execution and dependency scanning. However, configuration files read by AI coding agents represent a new, largely unmonitored attack surface. A malicious config file can exfiltrate data before a single line of user code runs.
2. Credential Scope and Blast Radius: The worm's ability to propagate via stolen tokens demonstrates the danger of long-lived, broad-scope credentials. A single compromised developer account can become a vector for infecting dozens of downstream projects.
3. Trust in "Verified" Publishers: Miasma's success relies on the assumption that commits from verified contributors are safe. As supply chain attacks mature, the identity of the committer is no longer a sufficient signal of safety.
Defensive Recommendations
Organizations must adapt their security postures to address this evolving threat:
- Scan Configuration Files: Extend static analysis to include AI tooling configs (e.g., .claude.json, settings.json) for suspicious patterns or external redirects - Enforce Short-Lived Credentials: Replace long-lived API keys and tokens with ephemeral, scope-limited alternatives wherever possible - Monitor for Anomalous Commits: Implement behavioral analytics to detect unusual commit patterns, even from trusted accounts (e.g., config-only changes, off-hours activity) - Isolate AI Agents: Run AI coding assistants in sandboxed environments with restricted network access to prevent unauthorized data exfiltration
The Bottom Line
The Miasma worm incident is a watershed moment for software supply chain security. It proves that attackers have successfully weaponized the very tools designed to accelerate development. For Microsoft, the disruption was contained, but the lesson is universal: in an era of AI-assisted coding and automated CI/CD, trust must be verified at every layer—from the contributor's identity to the config files they touch. Security teams can no longer afford to treat configuration as harmless metadata; in 2026, it is executable risk.














