Summary
Microsoft disabled 73 GitHub repositories after the Miasma worm compromised developer credentials to inject password-stealing malware into Azure and AI development tools. The supply chain attack exploited OIDC tokens to bypass security scanners and harvest cloud identities and CI/CD secrets.
Take Action:
If you build or deploy software using Azure Functions, GitHub Actions, or the Durable Task tools, stop using floating version tags like @v1 and switch to a safe deployment method check the as Azure CLI, Azure DevOps, or Zip Deploy for possible compromise and loading of the libraries in the affected period. If you did load them, rotate secrets immediately.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)