
Miasma worm compromises 73 Microsoft GitHub repositories

Category: malware | Status: open | Jun 6, 2026 — Jun 9, 2026

The Miasma worm has compromised seventy-three Microsoft GitHub repositories, including key Azure infrastructure, after attackers used a compromised Red Hat employee account to push malicious code into internal projects. The campaign was first detected on June 5, 2026 and leveraged AI coding tools to spread a self-replicating payload that harvests cloud credentials from developers. The breach marks a new phase in supply-chain threats that target developer environments directly.

Technical analysis shows the worm injects configuration files that trigger credential-harvesting routines when opened by AI-assisted editors, and each payload uses a unique encryption scheme to evade signature-based detection. No CVEs have been assigned to the flaw, but the malware focuses on stealing secrets from Azure services and other cloud platforms linked to the compromised repositories. Further details are available in the Red Hat advisory RHSB‑2026-006.

The initial malicious commit was made to the Azure/durabletask repository via a compromised contributor account, prompting GitHub to disable seventy-three repositories across four organizations. Security researchers noted that the infection chain began when developers pulled the tainted configuration into their AI coding agents, which then executed the credential-stealing code. More context on the attack timeline can be found in the StepSecurity report here.

Although no specific threat actor has been named, the incident follows an earlier supply-chain compromise of the Durable Task SDK on May 19, 2026, suggesting that attackers are reusing footholds gained in prior operations. The shift from attacking package repositories to infiltrating developer tools marks a notable evolution in tactics, as highlighted by The Hacker News coverage here. This trend raises concerns about the security of AI-powered development assistants that have broad access to source code.

Defenders should immediately rotate any credentials that may have been exposed in the affected repositories and enforce multi-factor authentication on all service accounts used for CI/CD pipelines. Reviewing audit logs for unexpected commits, especially those that add unfamiliar configuration files, can help identify similar intrusion attempts. Organizations are also advised to limit the permissions granted to AI coding tools, ensuring they can only read or write to trusted repositories.
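The audit-log review suggested above can be scripted. The following is an added example, not code from the advisory or from any of the affected projects: it parses `git log --diff-filter=A --name-status --format='commit %H|%ae'` output and flags commits that add configuration files which AI-assisted editors and agents load automatically. The watched paths and the trusted-author list are assumptions to be tuned to the tools and teams in use; the sample log is constructed.

```python
import re
from typing import Dict, List

# Paths that AI-assisted editors and coding agents read when a repository is
# opened. Assumed watchlist for illustration; adjust to the tools your teams use.
WATCHED_CONFIG_PATTERNS = [
    r"^\.cursor/rules/.+",
    r"^\.github/copilot-instructions\.md$",
    r"^\.vscode/(settings|tasks)\.json$",
    r"^(AGENTS|CLAUDE)\.md$",
    r"^\.mcp\.json$",
]
WATCHED = [re.compile(p) for p in WATCHED_CONFIG_PATTERNS]

def parse_name_status_log(text: str) -> List[Dict]:
    """Parse output of: git log --diff-filter=A --name-status --format='commit %H|%ae'."""
    commits = []
    for line in text.splitlines():
        if line.startswith("commit "):
            sha, email = line[len("commit "):].split("|", 1)
            commits.append({"sha": sha, "email": email, "added": []})
        elif line.startswith("A\t") and commits:
            commits[-1]["added"].append(line.split("\t", 1)[1])
    return commits

def find_suspicious_config_commits(text: str, trusted_emails: set) -> List[Dict]:
    """Flag commits adding watched config files; untrusted authors rank as high severity."""
    findings = []
    for c in parse_name_status_log(text):
        hits = [p for p in c["added"] if any(w.match(p) for w in WATCHED)]
        if hits:
            findings.append({
                "sha": c["sha"], "email": c["email"], "files": hits,
                "severity": "high" if c["email"] not in trusted_emails else "review",
            })
    return findings

# Constructed sample log (not real commits) in the format the command above emits.
SAMPLE_LOG = """\
commit aaaa1111|maintainer@example.com
A\tsrc/worker.py
commit bbbb2222|contractor@example.net
A\t.cursor/rules/build.mdc
A\tsrc/util.py
commit cccc3333|maintainer@example.com
A\t.vscode/tasks.json
"""

if __name__ == "__main__":
    for f in find_suspicious_config_commits(SAMPLE_LOG, {"maintainer@example.com"}):
        print(f["severity"], f["sha"], f["email"], ",".join(f["files"]))
```

Even additions by trusted authors are reported for review, since the compromised accounts in this campaign belonged to legitimate contributors.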

Maintaining up-to-date dependency lists, applying the principle of least privilege across build systems, and conducting regular red-team exercises focused on pipeline security will reduce the chance of future abuse. Keeping offline backups of critical configuration files and sharing indicators of compromise with relevant information sharing and analysis centres can aid rapid detection and response across the industry.

Intelligence briefing updated Jun 10, 2026

Root source: access.redhat.com