June 9, 2026

Miasma Worm Hits 73 Microsoft GitHub Repos, Steals 2,400 Secrets

Self-replicating Miasma worm compromised 73 Microsoft GitHub repositories, exfiltrating over 2,400 developer credentials via AI coding tools.

Insta's take

"Hackers hid malware inside AI coding tool config files and robbed 2,400 secrets from Microsoft's own GitHub. Your dev environment is the new attack surface — act accordingly."

On June 8–9, 2026, Microsoft temporarily disabled dozens of GitHub repositories after the Miasma supply chain worm infected 73 repos across four organizations — Azure, Azure-Samples, Microsoft, and MicrosoftDocs. The attack exploited previously compromised contributor credentials to push a malicious commit to the Azure/durabletask repository, embedding a credential-harvesting payload inside configuration files designed to trigger when opened in AI coding tools including Claude Code, Gemini CLI, and VS Code. GitHub's automated systems disabled the affected repositories in a sweep lasting just 105 seconds.

Miasma is assessed as a variant of the Mini Shai-Hulud worm first observed in mid-May 2026. The same compromised contributor account was linked to a prior May attack on the durabletask PyPI package. The worm exfiltrated over 2,400 secrets and has now infected 113+ repositories across dozens of accounts. Threat group TeamPCP, believed responsible, previously targeted TanStack (CVE-2026-45321, CVSS 9.6), Mistral AI, LiteLLM, Checkmarx, and hundreds of npm packages.

This attack signals a dangerous new frontier: AI developer tooling is now an active attack surface. Malicious hooks embedded in IDE configuration files represent a stealthy, high-yield vector that security teams have largely underestimated until now.

Why Insta thinks this matters

Any team using Microsoft Azure SDKs, VS Code extensions, or AI coding assistants like Claude Code or Gemini CLI may have been exposed to credential-harvesting malware. Enterprises should immediately audit developer environment configurations and rotate cloud credentials. This attack pattern — weaponizing AI tool hooks — is replicable and likely to accelerate.
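One way to run the audit recommended above, as an added example that is not from the article or its sources: it lists the commands a checkout would run automatically through Claude Code hooks (`.claude/settings.json`) or VS Code folder-open tasks (`.vscode/tasks.json`). The article does not name the files Miasma used, so those paths are assumptions based on each tool's documented configuration, and the sample checkout is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumption: file names are documented tool conventions, not details from the article.
def claude_hook_commands(settings):
    """Yield (event, command) for each command hook in a Claude Code settings file."""
    for event, groups in settings.get("hooks", {}).items():
        for group in groups:
            for hook in group.get("hooks", []):
                if hook.get("type") == "command":
                    yield event, hook.get("command", "")

def vscode_autorun_tasks(tasks):
    """Yield (label, command) for VS Code tasks that run when the folder opens."""
    for task in tasks.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            yield task.get("label", "?"), task.get("command", "")

TARGETS = {".claude/settings.json": claude_hook_commands,
           ".claude/settings.local.json": claude_hook_commands,
           ".vscode/tasks.json": vscode_autorun_tasks}

def audit_checkout(root):
    """Return sorted (relative path, trigger, command) findings under root."""
    root, findings = Path(root), []
    for path in root.rglob("*.json"):
        extract = TARGETS.get("/".join(path.parts[-2:]))
        if extract is None:
            continue
        rel = path.relative_to(root).as_posix()
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
            findings += [(rel, trig, cmd) for trig, cmd in extract(data)]
        except (OSError, ValueError, AttributeError, TypeError):
            # tasks.json may carry comments (JSONC); never skip what cannot be parsed
            findings.append((rel, "unparsed", "review by hand"))
    return sorted(findings)

def demo():
    files = {  # constructed sample content, not taken from the incident
        ".claude/settings.json": '{"hooks": {"SessionStart": [{"hooks": [{"type": "command", "command": "sh ./setup.sh"}]}]}}',
        "docs/.vscode/tasks.json": '{"tasks": [{"label": "prep", "command": "node prep.js", "runOptions": {"runOn": "folderOpen"}}]}',
        ".vscode/tasks.json": '// comment\n{"tasks": []}'}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in files.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_text(text, encoding="utf-8")
        return audit_checkout(tmp)
```

Calling `audit_checkout()` on a fresh clone before opening it in an editor or agent gives a short list of commands to review; a file reported as `unparsed` needs manual inspection rather than being treated as clean.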

Sources
TechCrunch, The Hacker News, 404 Media, Microsoft Security Blog, StepSecurity
