The software supply chain took another hit last week. On June 5, GitHub disabled 73 Microsoft-owned repositories after the Miasma worm infiltrated projects across four organizations: Azure, Azure-Samples, Microsoft and MicrosoftDocs.

GitHub’s automated systems triggered the takedown within 105 seconds of detecting the infection — a fast response, but the damage was already done. The attack began when a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The commit planted configuration files that execute a credential-harvesting payload when a developer opens the repository in an IDE or AI coding tool.

That last detail is worth paying attention to. The affected tools include Claude Code, Gemini CLI, Cursor and VS Code — tools that millions of developers use every day. Just opening a repository in a trusted environment was enough to trigger the payload.

A Worm With History

Miasma is a variant of the Mini Shai-Hulud worm that a group called TeamPCP publicly released in mid-May 2026. The original Shai-Hulud appeared in September 2025 as the first self-replicating malware observed in the npm ecosystem. Since then, it has mutated across npm and PyPI, previously compromising 32 Red Hat packages and affecting packages from TanStack, Mistral AI and UiPath.

This wasn’t a random attack on Microsoft. The same compromised contributor account was used in both the May PyPI attack and the June GitHub incident, and the payloads are highly similar. Someone picked a target and came back for a second round.

Among the disabled repositories are notable projects including azure-search-openai-demo, the durabletask library and its .NET, Go, Java, JavaScript and MSSQL implementations, functions-container-action, llm-fine-tuning, and windows-driver-docs. These aren’t obscure side projects. They are infrastructure that development teams depend on.

The Real Problem: The Developer Environment is Now an Attack Surface

Traditional supply chain attacks focus on packages — something gets installed, and the malicious code runs. Miasma works differently. The immediate blast radius was not cloud infrastructure itself, but the software factory around it: GitHub Actions workflows, Azure Functions tooling, Durable Task libraries, and developer machines.

Instead of relying on traditional package installation hooks, Miasma targets the developer’s local environment. It abuses legitimate auto-run, hook, and rule engines within modern IDEs and AI coding assistants to execute its payload.

That is a meaningful shift. Mitch Ashley, VP and practice lead for software lifecycle engineering and AI-native software engineering at The Futurum Group, put it plainly: “Software’s trust boundary has moved from the installed package to the act of opening code in a tool. Miasma weaponizes the auto-run and hook engines that make IDEs and AI coding agents productive, turning the developer environment into an execution surface.”

Ashley doesn’t stop at the diagnosis. “Opening a trusted repository is no longer a safe, read-only act. Engineering teams now have to govern what their coding tools may auto-execute and how far the credentials they hold can travel once one account is compromised.”
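Governing what a coding tool may auto-execute starts with knowing what a checkout would trigger before anyone opens it. The following added example (not code from the article, GitHub, Microsoft or any project named here) audits a checkout for two real auto-run mechanisms: VS Code tasks with `runOn` set to `folderOpen` in `.vscode/tasks.json`, and command hooks in Claude Code's `.claude/settings.json`. The article does not say which files Miasma planted, so treating these two as the vectors, and the sample configs it builds, are assumptions.

```python
import json
import tempfile
from pathlib import Path

VSCODE_TASKS = Path(".vscode/tasks.json")        # assumption: representative vector
CLAUDE_SETTINGS = Path(".claude/settings.json")  # article does not name Miasma's files

def _read_json(path):
    """Parse a JSON config; None if absent or malformed (tasks.json may be JSONC)."""
    try:
        return json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None

def vscode_autorun_tasks(doc):
    """(label, command) for tasks VS Code starts as soon as the folder opens."""
    return [(t.get("label"), t.get("command")) for t in (doc or {}).get("tasks", [])
            if t.get("runOptions", {}).get("runOn") == "folderOpen"]

def claude_hook_commands(doc):
    """(event, command) for every shell hook in a Claude Code settings file."""
    return [(event, h.get("command")) for event, ms in (doc or {}).get("hooks", {}).items()
            for m in ms for h in m.get("hooks", []) if h.get("type") == "command"]

def audit_checkout(root):
    """Findings to review before opening `root` in an IDE or coding agent."""
    root, findings = Path(root), []
    for rel in (VSCODE_TASKS, CLAUDE_SETTINGS):
        # A file that exists but does not parse must not silently pass the audit.
        if (root / rel).exists() and _read_json(root / rel) is None:
            findings.append(f"{rel}: present but not parseable, inspect manually")
    for label, cmd in vscode_autorun_tasks(_read_json(root / VSCODE_TASKS)):
        findings.append(f"{VSCODE_TASKS}: task '{label}' runs on folderOpen: {cmd}")
    for event, cmd in claude_hook_commands(_read_json(root / CLAUDE_SETTINGS)):
        findings.append(f"{CLAUDE_SETTINGS}: {event} hook runs: {cmd}")
    return findings

def demo():
    """Audit a constructed checkout: one benign task, one auto-run task, one hook."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".vscode").mkdir()
        (root / VSCODE_TASKS).write_text(json.dumps({"tasks": [
            {"label": "build", "type": "shell", "command": "make"},
            {"label": "setup", "type": "shell", "command": "sh ./.setup.sh",
             "runOptions": {"runOn": "folderOpen"}}]}))
        (root / ".claude").mkdir()
        (root / CLAUDE_SETTINGS).write_text(json.dumps({"hooks": {"SessionStart": [
            {"hooks": [{"type": "command", "command": "sh ./.setup.sh"}]}]}}))
        return audit_checkout(root)
```

Run `demo()` to see the two findings; in practice `audit_checkout` would run in a pre-clone or pre-open step so that a flagged checkout is reviewed before any IDE or agent touches it.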

What Comes Next

The attack harvested credentials for cloud platforms and developer tools, then used them to propagate to additional repositories. That self-replicating behavior is what makes Miasma different from a typical compromise. It doesn’t wait to be discovered — it moves.

For security and DevOps teams, this incident reinforces something that has been true for a while but is harder to ignore now: the people writing your software are targets, not just the software itself. A compromised developer account or a stolen personal access token can do just as much damage as a vulnerability in production code.

Microsoft and GitHub sit at the center of the developer trust economy. The Miasma attack is a reminder that even that center is now exposed to attacks that behave less like traditional intrusions and more like contagion.

The containment in this case was fast — 105 seconds is genuinely impressive. But the downstream impact on teams relying on those 73 repositories is still being assessed. And the bigger question isn’t how quickly GitHub can respond. It’s how organizations can build development pipelines that don’t treat trusted sources as unconditionally safe.

That work starts with visibility. Teams need to know what’s in their dependency chains, who has access to their repositories, and what happens when code gets opened in an IDE. The Miasma attack showed that the threat model for software development has expanded. Security teams need to expand with it.
