{"id":230432,"date":"2026-06-12T03:20:14","date_gmt":"2026-06-12T07:20:14","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/12\/miasma-worm-compromises-73-microsoft-github-repositories-2\/"},"modified":"2026-06-12T03:20:18","modified_gmt":"2026-06-12T07:20:18","slug":"miasma-worm-compromises-73-microsoft-github-repositories-2","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/12\/miasma-worm-compromises-73-microsoft-github-repositories-2\/","title":{"rendered":"Miasma Worm Compromises 73 Microsoft GitHub Repositories"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/193367\/malware\/miasma-worm-compromises-73-microsoft-github-repositories.html\">Miasma Worm Compromises 73 Microsoft GitHub Repositories<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193367\/malware\/miasma-worm-compromises-73-microsoft-github-repositories.html\">https:\/\/securityaffairs.com\/193367\/malware\/miasma-worm-compromises-73-microsoft-github-repositories.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-09 11:57:16<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p>A sophisticated self-replicating worm known as Miasma has infiltrated and compromised 73 Microsoft GitHub repositories, leading to the disabling of these repositories by GitHub staff. This attack involved the spread of malicious code through AI coding tools, facilitating the theft of sensitive cloud credentials from developers and CI\/CD systems. The Miasma worm is an evolved version of Mini Shai-Hulud, a previously open-sourced worm by the cybercrime group TeamPCP, which has since renamed its branding from Dune references to Greek mythology. The attack vector began by compromising a Red Hat GitHub account to push unreviewed commits, which included packages that were subsequently published to the npm registry disguised as legitimate updates, thereby evading detection by standard registry scanners. The payload also showed advanced evasion tricks by encrypting payloads uniquely for each infection, negating hash-based detection methods, and was specifically tailored to harvest cloud identities in both Google Cloud Platform and Azure. This incident is concerning because it seems to be a re-compromise, indicating that the attackers retained a foothold or credentials were not fully rotated after an earlier breach.<\/p>\n<p>Key Points:<br \/>\n&#8211; The Miasma worm has compromised 73 Microsoft GitHub repositories, targeting core Azure infrastructure.<br \/>\n&#8211; The worm initially spread via Red Hat, using stolen GitHub tokens to insert malicious packages into the npm registry.<br \/>\n&#8211; Unlike previous versions, Miasma focuses on harvesting cloud credentials from CI\/CD systems, posing a significant threat.<br \/>\n&#8211; This is Microsoft\u2019s second breach in weeks, raising questions about the effectiveness of their previous remediation efforts.<br \/>\n&#8211; Organizations are advised to rotate exposed credentials and check for unusual activity in their build systems due to the active nature of this threat.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Miasma Worm Compromises 73 Microsoft GitHub Repositories https:\/\/securityaffairs.com\/193367\/malware\/miasma-worm-compromises-73-microsoft-github-repositories.html Publish Date: 2026-06-09 11:57:16 Source Domain: securityaffairs.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":230433,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/06\/image-25.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,32],"class_list":["post-230432","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230432"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=230432"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230432\/revisions"}],"predecessor-version":[{"id":230434,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230432\/revisions\/230434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/230433"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=230432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=230432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=230432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}