Microsoft Disables GitHub Repositories After Miasma Malware Breach
Microsoft has disabled dozens of GitHub repositories after a stealthy supply‑chain attack laced its open‑source tools with malware designed to target AI developers and cloud identities. The incident exposes how quickly attacks can spread when they ride on trusted developer infrastructure.
Early discovery and scope of the breach
Security researchers first reported that a self‑replicating worm dubbed Miasma had compromised 73 Microsoft GitHub repositories, spanning Azure and other Microsoft organizations. The malicious code was crafted to plant payloads that trigger when opened inside AI coding tools such as Claude Code and Cursor, turning these assistants into unwitting execution engines.
Shortly afterward, multiple security teams found that dozens of cryptographically verified Microsoft open‑source packages contained advanced credential‑stealing code, activated when developers worked with them through AI coding agents.
How the attack worked
The compromised packages executed a 28 KB payload that could steal credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations, then attempt lateral movement across cloud infrastructure and developer machines. Researchers warned that “developers who used AI agents to work with them should assume their systems are compromised.”
This was the second Microsoft repository supply‑chain breach in weeks, following a compromise of the durabletask Python SDK on PyPI, which is widely used for orchestrating distributed workflows.
Microsoft’s response and communication gap
As reports surfaced that “Microsoft’s open source tools were hacked to steal passwords of AI developers,” GitHub began blocking access to affected projects with a notice that repositories were disabled “due to a violation of GitHub’s terms of service,” without initially flagging the malware risk to developers.
Microsoft later confirmed it had “temporarily removed some repositories as we investigated potential malicious content,” adding that some had been restored while others would “remain offline while work continues.” The company said it notified a “small number of customers” who may have pulled content from affected repositories and pledged to reach out again if further action was needed.
Broader implications
The Miasma incident underscores the escalating risk of software supply‑chain attacks that target open‑source ecosystems and AI‑assisted development workflows, where a single compromised package can quietly propagate through clouds, tools, and organizations before being detected.