Microsoft faced a critical security incident in which 73 of its open source packages were compromised and embedded with advanced credential-stealing code. This malware, identified as Miasma, is activated when developers use AI coding agents. The attack marks a second breach within a month and poses significant risks, including the theft of credentials across cloud environments. It reflects a sophisticated approach that exploits trust in development workflows rather than software vulnerabilities. Developers are urged to assume compromise and review their systems if they interacted with the affected packages.
Open source packages hit by Miasma malware via AI coding agents
CyberSIXT Evidence Panel
Primary Source
stepsecurity.io
Article by CyberSIXT
Timeline Coverage
- Open source packages hit by Miasma malware via AI coding agents (arstechnica.com)
- Miasma worm breaches Azure GitHub, harvesting creds via dev tools (stepsecurity.io)
- Miasma Worm supply chain breach hits 73 Microsoft GitHub repos (thehackernews.com)