The Wire
Agents

Miasma Self-Spreading Worm Reaches Microsoft Azure GitHub Orgs — 73 Repos Disabled

StepSecurityhigh signal

On June 5, 2026, the Miasma supply-chain worm campaign reached Microsoft's Azure GitHub organizations, prompting GitHub to disable 73 repositories across four Microsoft GitHub orgs after malicious commits were pushed. The attack files execute credential-harvesting payloads when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code — a new class of repo-as-trigger attack that weaponizes coding-agent auto-execution on project open. It underscores the danger of agents that act on untrusted repository contents without isolation.

Follow the thread

No related signals yet.