On June 10, 2026, the modular 'Miasma' attack framework was leaked via compromised developer accounts in a 'Miasma-Open-Source-Release' GitHub repo. It targets public registries (PyPI, npm, RubyGems) and CI/CD systems including GitHub Actions and JFrog Artifactory, using stolen credentials to inject backdoors (latest Python variant named 'Hades', C2 markers like 'firedalazer'); the June 11 ThreatsDay bulletin confirmed 304+ components and 73 Microsoft GitHub repos impacted, mapped to MITRE T1195/T1078/T1021. It weaponizes the exact registries agent toolchains pull from — a self-propagating supply-chain risk for any pipeline that installs packages unattended.