Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
StepSecurity, SafeDep, and The Hacker News describe a Miasma supply chain incident that led GitHub to disable 73 Microsoft repositories after malicious AI-tool and IDE startup hooks were planted.
Published
Jun 27, 2026Duration
5 min readRisk Level
High SeverityIntel Tags
Why it matters
The Miasma incident matters because it moved software supply chain risk from package installation into the developer workspace itself. According to StepSecurity and SafeDep, the compromised repositories were wired so that opening them in Claude Code, Gemini CLI, Cursor, or Visual Studio Code could trigger a credential-harvesting payload. That means the blast radius is not limited to one bad package version; it reaches developers, CI/CD pipelines, and any downstream environment that trusts routine repository workflows.
What happened
StepSecurity reported that a malicious commit was pushed to Azure/durabletask on June 5, 2026 using a compromised contributor account, after which GitHub disabled 73 Microsoft repositories across four organizations. The Hacker News said the takedown affected Azure, Azure-Samples, Microsoft, and MicrosoftDocs repositories and followed earlier Miasma activity tied to the durabletask ecosystem. The Register later reported that Microsoft restored the repositories after review and said a small number of potentially affected customers were notified.
Technical details
The technical shift was the use of repository-resident startup hooks rather than a normal registry-only package compromise. StepSecurity described planted files such as .claude/settings.json, .gemini/settings.json, .cursor/rules/setup.mdc, and .vscode/tasks.json that invoked a shared .github/setup.js payload. SafeDep separately documented the same pattern, including execution paths through AI coding agents and VS Code folder-open behavior. Across the cited reporting, the malicious workflow is described as a way to execute code when a developer opens the repository, not merely when dependencies are installed.
Defender actions
Defenders should treat any clone or local checkout of affected repositories from the June 5 window as potentially sensitive and review whether tokens, cloud credentials, or developer secrets were exposed on workstations that opened them. Repositories that integrate AI coding tools or auto-run editor tasks should be audited for startup hooks, editor rules, and unexpected task files. Teams should prefer pinned commit SHAs over mutable tags in CI where possible, rotate contributor tokens tied to affected projects, and monitor for abnormal GitHub, cloud, and package-registry authentication following exposure to compromised developer environments.