It looks like Microsoft's DevOps libraries for Azure Functions might have been compromised. No statement yet but GitHub is nuking Microsoft's own repos.

https://opensourcemalware.com/blog/miasma-reaches-azure

The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds

GitHub disabled 73 Microsoft repositories across four of its GitHub organizations — the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps — in a 105-second sweep on June 5. The recompromised durabletask package sits at the center, and the fingerprints point at the open-sourced Miasma worm.

As far as I know there's no public statement from Microsoft yet, but yes, I've heard they've been compromised and have been serving compromised code.
How it started vs how it’s going.
One of the public MS statements about the issue in this thread is it's an "internal technical issue"
@GossiTheDog It's good that there isn't an established term for a supplier's malice-induced internal issues spilling over onto their customers; or I'd be forced to suspect that someone is being less than totally honest...
@GossiTheDog I wonder if any of your international followers know who that is 😀
@GossiTheDog The CI/CD systems really are everyone's favorite hunting grounds these days, eh? 🤣

If that was from vibe coding a few people are going to laugh themselves to death.

@GossiTheDog

@GossiTheDog Interesting. That may explain why I got this e-mail from GitHub last Friday.

("windows-driver-docs" is not even an Azure repo -- it's a fork of a public Microsoft repo though)

Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents - StepSecurity

On June 5, 2026, the Miasma worm campaign reached Microsoft's Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code.

@GossiTheDog Could this be linked? They've stubbornly refused to do anything about VS Code supply chain risks for years now.

https://infosec.exchange/@CyberSecurityNewsDaily/116714655896207665

CyberSecurityNewsDaily (@[email protected])

⚡ THREAT INTEL: VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Sup Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in Source: https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html #ThreatIntel #CyberSecurity #InfoSec

Infosec Exchange
@GossiTheDog since 1992, I guess =)
@GossiTheDog mmh thought they would only do this on an OS level.
@GossiTheDog This sent me
"Hunt your own org. Search for unexplained public repos, especially anything described "Miasma: The Spreading Blight,"....."

@noodle @GossiTheDog
I assume the article is vibe...written?

unless the threat actor introduces themselves as Miasma, Lord of Blight. that'd be kinda based

@GossiTheDog

Doesn't give any warm and fuzzy feelings about trying #AzureLinux right about now, does it... ?

https://github.com/microsoft/azurelinux

GitHub - microsoft/azurelinux: General purpose Linux OS for Azure

General purpose Linux OS for Azure. Contribute to microsoft/azurelinux development by creating an account on GitHub.

GitHub
@GossiTheDog I dunno if it's the Irish in me but "Blight" makes me recoil & exclaim in horror.
@maj @GossiTheDog I was going with Vernor Vinge somehow, but yeah that's even more visceral

@GossiTheDog
I think this quote perfectly crystallizes the essence of this ordeal:

_Cloning a repo to read its source has always felt safe. AI coding agents and IDE auto-run features quietly changed that, and attackers noticed before most defenders did._ [1]

#AI #NoAI

[1] https://safedep.io/miasma-worm-ai-coding-agent-config-injection/

Miasma Worm Targets AI Coding Agents via GitHub Repos

A Miasma worm variant injects a 4.3 MB dropper into GitHub repos across multiple maintainers, wiring it to auto-run through Claude Code, Gemini, Cursor, and VS Code config files. No npm package is published. The trigger is cloning a repo and opening it in an AI coding agent, a shift from the campaign's earlier node-gyp install-time execution.

SafeDep - Real-time Open Source Software Supply Chain Security
@shadowdancer @GossiTheDog unsafe link, is what DDG says.
@shadowdancer @GossiTheDog it never was safe
@anselmschueler
Yeah, I guess auto-run _anything_ is never safe. As for the AI coding agents though, I would argue they were perfectly safe when they didn't exist.
@GossiTheDog

@GossiTheDog I get that this may be an article about something compelling and interesting, perhaps even something actionable, but I can't read that obviously LLM generated prose.

I'm so fucking tired of reading anything written by an LLM.

It's the same salespitchy, lifted-to-a-pedestal language and sentence-fragments-as-punctuation, saccharine, lifeless, soulless nonsense all over the internet now. A writer's actual voice is so refreshing now. I can't believe this is where we are as a society.

@GossiTheDog What a time to be a Linux user and codeberg member 🤣
@GossiTheDog
Good to see that something is still up at GitHub

@GossiTheDog The Miasma worm has evolved to now target & infect Ai Agent Tools like, Cursor, Claude, VS Code + Ai Agent Extensions, etc via SessionStart Hooks / post-install initialization steps. We are no longer just looking at infection via Packages, Libraries, Dependencies, or Extensions, but now also Ai Cfgs as well.

Having controls in place for settings.json for Hooks is essential.

If you do not have your code sources on lockdown, you run the risk of an upstream cloned source infecting your Ai-enhanced toolchains via these hooks by simply opening your editor and browsing to a code directory containing an infected cfg file.

https://code.visualstudio.com/docs/enterprise/ai-settings#_enable-or-disable-hooks

https://code.claude.com/docs/en/hooks#disable-or-remove-hooks

Manage AI settings in enterprise environments

Learn how to centrally manage AI settings in VS Code for enterprise environments, including agent mode, MCP servers, and tool approvals.
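
Added example, not part of the thread or of any tool mentioned in it: a pre-open check that lists command hooks and open-on-folder tasks in a fresh checkout without running anything. It assumes Claude Code project settings under `.claude/` and VS Code tasks in `.vscode/tasks.json` (paths not given in the thread) and covers only those two; the sample in `demo()` is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed paths (not given on the page): Claude Code project settings, VS Code tasks.
CLAUDE_FILES = (".claude/settings.json", ".claude/settings.local.json")
VSCODE_TASKS = ".vscode/tasks.json"

def _load(path):
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None  # unreadable or not strict JSON (e.g. contains comments)
    return data if isinstance(data, dict) else None

def _claude_hooks(data):  # yields (event, command), e.g. for SessionStart
    hooks = data.get("hooks")
    for event, groups in (hooks.items() if isinstance(hooks, dict) else ()):
        for group in (groups if isinstance(groups, list) else ()):
            entries = group.get("hooks") if isinstance(group, dict) else None
            for hook in (entries if isinstance(entries, list) else ()):
                if isinstance(hook, dict) and hook.get("type") == "command":
                    yield event, str(hook.get("command", ""))

def _vscode_autorun(data):  # yields tasks configured to run when the folder opens
    tasks = data.get("tasks")
    for task in (tasks if isinstance(tasks, list) else ()):
        opts = task.get("runOptions") if isinstance(task, dict) else None
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            yield "folderOpen", str(task.get("command", ""))

def scan_checkout(root):
    """Return sorted (file, trigger, command) findings for a cloned repository."""
    findings = []
    for rel in CLAUDE_FILES + (VSCODE_TASKS,):
        path = Path(root) / rel
        data = _load(path) if path.is_file() else {}
        if data is None:  # fail closed: a config we cannot parse needs manual review
            findings.append((rel, "unparsable", ""))
        else:
            extract = _vscode_autorun if rel == VSCODE_TASKS else _claude_hooks
            findings.extend((rel, trig, cmd) for trig, cmd in extract(data))
    return sorted(findings)

def demo():  # constructed sample checkout; the hook command is an inert placeholder
    hook = {"hooks": {"SessionStart": [{"hooks": [{"type": "command", "command": "echo sample"}]}]}}
    with tempfile.TemporaryDirectory() as d:
        Path(d, ".claude").mkdir()
        Path(d, ".claude/settings.json").write_text(json.dumps(hook))
        return scan_checkout(d)
```

Run `scan_checkout()` on a clone before opening it in an editor or agent; any finding, including `unparsable`, is a reason to read the file by hand first.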