MEDIUMSupply Chain
Global

Miasma Worm Hits Microsoft's AI Coding Ecosystem

·Source: Bank Info Security

Updated:

Executive Summary

Attackers Compromised More Than 70 Microsoft Repositories in Under 2 Minutes Attackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 reposito

Analysis

Attackers Compromised More Than 70 Microsoft Repositories in Under 2 Minutes Attackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale.

Indicators of Compromise (2)

URL (1)
https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/miasma-worm-hits-microsofts-ai-coding-ecosystem-image_small-6-a-31912.jpg
VirusTotalURLhaus
Domain (1)
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
VirusTotalURLhaus
Source Attribution

Originally published by Bank Info Security on Jun 8, 2026.

Related Threats

MEDIUMSupply Chain

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary

The Hacker News
LOWSupply Chain

GitHub finally pulls the plug on automatic install script execution for npm

The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are changing, GitHub said in its changelog , noting, “it turns an npm install behavior that runs automatically today into one yo

CSO Online
MEDIUMSupply Chain

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]

BleepingComputer