ON June 5, 2026, the Miasma worm campaign targeted Microsoft's Azure GitHub organizations, leading to GitHub disabling 73 repositories across four organizations after a malicious commit was pushed to the Azure/durabletask repository via a compromised contributor account. The malicious commit planted configuration files that triggered credential-harvesting payloads when opened by developers in various AI coding tools.
This incident highlights a shift in attack strategy from exploiting package installations to targeting developer environments directly. The compromised account was linked to a previous supply chain attack on May 19, escalating overall security concerns within the software development ecosystem.