The Bottom Line: The Miasma worm spreads across Microsoft repositories on GitHub, demonstrating critical vulnerability of centrally managed development ecosystems to self-replicating attack malware.
A self-replicating worm named Miasma has compromised 73 GitHub repositories belonging to Microsoft, once again jeopardizing the supply-chain security of development platforms. GitHub has subsequently locked access to the affected repositories.
The attack affected a total of 73 Microsoft repositories distributed across four GitHub organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. According to OpenSourceMalware, this is part of an ongoing campaign involving the self-replicating malware Miasma, which spreads automatically between repositories, thereby implementing classic supply-chain attack patterns at the source code management level.
GitHub responded immediately to the incident by disabling access to the compromised repositories. This protects downstream systems from direct infection through clones or forks of the affected code bases, but simultaneously disrupts legitimate development and integration pipelines that depend on these repositories.
For CISOs, this incident underscores several critical risks: first, the lack of isolation of development access credentials (particularly Personal Access Tokens and Deploy Keys), which enables a compromised machine to propagate itself independently across multiple repositories. Second, inadequate monitoring and anomaly detection on source code management platforms, which halts such malware outbreaks only after discovery by external security researchers. Necessary measures include access control strategies at the repository level, branch protection rules with enforced code reviews, and detailed audit logs for API access and git push operations.
Source: thehackernews.com · Published June 6, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.