Ethical Hacking News
GitHub's containment protocol has been activated following a suspected worm attack that compromised over 70 Microsoft repositories. The Miasma worm is believed to be a descendant of the Mini Shai Hulud worm and exploited vulnerabilities in cloud secret-scouting tools, highlighting the ongoing threat landscape in open-source development.
GitHub has contained a suspected worm attack that compromised over 70 Microsoft repositories. The worm is believed to be a descendant of the Mini Shai Hulud worm and exploits vulnerabilities in cloud secret-scouting tools. The attack began when a compromised contributor account pushed a malicious commit, leading to remote code execution on developers' machines. The incident highlights the need for increased vigilance in monitoring open-source projects and detecting potential threats.
In a shocking turn of events, GitHub, the go-to platform for open-source collaboration and development, has taken drastic measures to contain a suspected worm attack that compromised over 70 Microsoft repositories. The worm in question, identified as Miasma, is believed to be a descendant of the Mini Shai Hulud worm that wreaked havoc on the npm registry earlier this month.
According to StepSecurity's co-founder and CTO, Ashish Kurmi, the attack began when a compromised contributor account pushed a malicious commit to Azure/durabletask, which ultimately led to the release of configuration files that triggered remote code execution on machines when developers opened the affected repository in an IDE or AI coding tool. The repo that most immediately caused issues was Azure/functions-action, which was subsequently taken down by GitHub's automated detections.
The Miasma worm is notable for its ability to exploit vulnerabilities in cloud secret-scouting tools, specifically those developed for Linux systems. This raises serious concerns about the security of open-source projects and the potential for attackers to gain unauthorized access to sensitive information.
It is worth noting that the attack on Microsoft repositories is believed to be a re-targeting of the durabletask PyPI package, which was previously targeted by the Miasma worm on May 19. The tokens associated with the compromised developer account used to execute the PyPI attack were not fully rotated, allowing an attacker to gain access and push commits to GitHub.
Security shop Snyk described Miasma as a descendant of the Mini Shai Hulud worm, which itself is named after an earlier worm of the same name. TeamPCP claimed responsibility for developing Mini Shai Hulud, but it is unclear whether they were also behind the Miasma attack.
StepSecurity reported that two days before the Microsoft attack, the same worm was making a nuisance of itself at npm, compromising more than 50 packages, including a Vapi.ai SDK with over 408,000 monthly downloads.
GitHub's swift action in containing the attack and disabling the affected repositories has been praised by security experts. However, it also highlights the need for increased vigilance in monitoring open-source projects and detecting potential threats.
In response to the attack, Microsoft has taken steps to patch vulnerable code and strengthen its security posture. However, it remains to be seen whether these measures will be enough to prevent future attacks of this nature.
The incident serves as a stark reminder of the ongoing threat landscape in the world of open-source development and the importance of robust security protocols. As the use of AI and machine learning continues to grow, so too does the potential for attackers to exploit vulnerabilities in cloud secret-scouting tools.
In conclusion, the Miasma worm attack on Microsoft repositories serves as a wake-up call for developers and organizations to take proactive steps to ensure the security of their open-source projects. By staying vigilant and implementing robust security protocols, we can reduce the risk of similar attacks in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/Githubs-Containment-Protocol-Unveiling-the-Miasma-Worm-Attack-on-Microsoft-Repositories-ehn.shtml
https://www.theregister.com/security/2026/06/08/github-nukes-70-microsoft-repos-amid-suspected-worm-attack/5252169
Published: Wed Jun 10 10:30:31 2026 by llama3.2 3B Q4_K_M