Miasma Worm Compromises 73 Microsoft GitHub Repositories
Self-replicating supply chain attack hits Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations; GitHub disables affected repositories.
Microsoft has confirmed that 73 of its GitHub repositories were compromised in the Miasma supply chain attack, a self-replicating worm campaign targeting open-source infrastructure. The affected repositories span four Microsoft organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs.
GitHub has disabled access to the compromised repositories in response to the incident. The attack was identified by OpenSourceMalware, which tracks supply chain threats in public code repositories. The Miasma campaign represents a continuation of self-replicating attacks that exploit trust relationships in software development workflows.
Supply chain attacks targeting GitHub repositories pose systemic risk because developers routinely pull code from trusted organizational accounts. Compromised Microsoft repositories carry particular weight given the company's footprint across enterprise and cloud infrastructure. The worm's self-replicating nature means initial infection can cascade through dependent projects without further attacker intervention.
- Development teams using affected Microsoft repositories face potential code integrity compromise.
- Enterprises must audit dependencies pulled from Microsoft GitHub organizations during the exposure window.
- Open-source supply chain defenses require repository-level integrity monitoring, not just package scanning.
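A starting point for the dependency audit described above, as an added example that is not from the article or from Microsoft: it scans manifest text for git URLs and GitHub Actions `uses:` lines that point at the four named organizations and reports whether each is pinned to a full commit SHA. The function name `audit` and the repository names in the sample are assumptions made for illustration.

```python
import re

# The four organizations named in the article; GitHub org names are case-insensitive.
ORGS = ("Azure-Samples", "MicrosoftDocs", "Azure", "Microsoft")
_ORG = "(?P<org>" + "|".join(map(re.escape, ORGS)) + ")"
_REPO = r"(?P<repo>[A-Za-z0-9_.-]+)"
_REF = r"(?P<ref>[A-Za-z0-9_./-]+)"
PATTERNS = [
    # git URLs: https://github.com/Org/repo(.git)(@ref|#ref) and git@github.com:Org/repo.git
    re.compile(r"github\.com[/:]" + _ORG + "/" + _REPO + "(?:[@#]" + _REF + ")?", re.I),
    # GitHub Actions steps: uses: Org/repo(/subpath)@ref
    re.compile(r"uses:\s*[\"']?" + _ORG + "/" + _REPO + r"(?:/[^@\s\"']*)?@" + _REF, re.I),
]
FULL_SHA = re.compile(r"[0-9a-fA-F]{40}")


def audit(text):
    """Return (line_no, 'org/repo', ref, pinned) for every reference to the listed orgs.

    pinned is True only when ref is a full 40-hex commit SHA. Branches, tags and
    missing refs are mutable: what they resolved to depends on when they were fetched.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for pattern in PATTERNS:
            for m in pattern.finditer(line):
                repo = re.sub(r"\.git$", "", m["repo"]).rstrip(".")
                ref = m["ref"]
                pinned = bool(ref and FULL_SHA.fullmatch(ref))
                findings.append((line_no, f"{m['org']}/{repo}", ref, pinned))
    return findings


# Constructed sample input: repository names are placeholders, not affected repositories.
SAMPLE = """\
# .github/workflows/deploy.yml
      - uses: actions/checkout@v4
      - uses: Azure/example-action@v2
      - uses: azure/example-deploy@0123456789abcdef0123456789abcdef01234567
# requirements.txt
git+https://github.com/Azure-Samples/example-lib.git@main#egg=example-lib
# .gitmodules
    url = https://github.com/MicrosoftDocs/example-docs
    url = git@github.com:microsoft/example-tool.git
"""

if __name__ == "__main__":
    for line_no, repo, ref, pinned in audit(SAMPLE):
        status = "pinned to commit" if pinned else "MUTABLE REF, review"
        print(f"line {line_no}: {repo} @ {ref or '(default branch)'} -> {status}")
```

A reference pinned to a commit SHA identifies exactly what was fetched and can be compared against published indicators; a mutable ref needs build logs or lockfiles to establish what it resolved to.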