Microsoft's GitHub ecosystem has been hit by the Miasma supply chain attack, resulting in the suspension of 73 repositories across organizations like Azure and MicrosoftDocs. This campaign, identified as a variant of the Mini Shai-Hulud worm, involves the re-compromise of the durabletask PyPI package and the direct injection of malicious code into public repositories, potentially leveraging credentials stolen in previous incidents.
The attack is notable for its ability to bypass traditional defenses by operating through legitimate channels and exploiting the inherent trust models of open-source platforms. It specifically targets modern developer workflows by infecting AI coding agents and tools like Claude Code, Cursor, and VS Code. This allows the malware to propagate exponentially by compromising downstream users through automated payload execution during the repository cloning process.