The Miasma worm has successfully infiltrated 73 Microsoft GitHub repositories, affecting Azure and Microsoft organizations. This self-replicating malware, which plants malicious payloads in AI coding tools such as Claude Code and Cursor, has triggered a significant escalation in an ongoing supply chain attack campaign. GitHub responded by disabling the affected repositories, which were used to harvest developer credentials. The attack exploited previously compromised credentials, with security researcher Paul McCarty noting the recurrence of issues stemming from last month's compromise. The malware operates autonomously, executing automatically through various developer tools and harvesting credentials for platforms like AWS and Azure. As the situation develops, over 80 public repositories are reported to be involved in the Miasma campaign.
Miasma Worm Compromises 73 Microsoft GitHub Repositories in Escalating Supply Chain Attack
More Articles From This Day
Google Announces New AI Tools and Models Including Nano Banana and Co-Scientist
This week, Google introduced several AI tools and models, including the general availability of Nano Banana 2 and Nano Banana Pro via the Gemini Enterprise Agent Platform and Gemini API. The new Co-Scientist system is designed for structured scientific thinking, generating and refining hypotheses for complex problems. Additionally, dreambeans curates personalized daily topic collections based on connected Google apps. The unified encoder-free model, Gemma 4 12B, offers powerful multimodal intelligence for offline use, while Gemma 4 models have been optimized with Quantization-Aware Training to improve memory efficiency and performance. Google Magenta also launched RealTime 2, an open-weights live music model playable with MIDI keyboards and text prompts.