Things are not always what they seem
Redfin | Rent Head of Information Security
Former Ubisoft Director of Security Operations
Microsoft Alumni | Former Director of MSRC's Cloud Incident Response | He/Him/Hrm | Philosopher & Ninja
SANS:
GCIH #16353 - Cerified Incident Handler
GWAPT #3274- Web Application Pen Tester
GXPN #164 - Exploit Researcher and Advanced Penetration Tester
The Take 9 "Count Before You Click" launch party was so much fun!
This campaign is very dear to me since I grew up with Sesame Street. Now Count Von Count is helping Take 9's mission to encourage people to practice good online security mindfulness by pausing for 9 seconds before you click! 💯👩‍💻
The Miasma worm has evolved to now target & infect Ai Agent Tools like, Cursor, Claude, VS Code + Ai Agent Extensions, etc via SessionStart Hooks / post-install initialization steps. We are no longer just looking at infection via Packages, Libraries, Dependencies, or Extensions, but now also Ai Cfgs as well.
Having controls in place for settings.json for Hooks is essential.
If you do not have your code sources on lockdown, you run the risk of an upstream cloned source infecting your Ai-enhanced toolchains via these hooks by simply opening your editor and browsing to a code directory containing an infected cfg file.
https://code.visualstudio.com/docs/enterprise/ai-settings#_enable-or-disable-hooks
https://code.claude.com/docs/en/hooks#disable-or-remove-hooks
On June 5, 2026, the Miasma worm campaign reached Microsoft's Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code.
Threat intel and Cybersecurity research firms: if you're not providing RSS feeds to your blog, you're hurting your brand.
Whatever traffic you think you're driving to the site by preventing analysts from ingesting feeds is outweighed by the reputational damage of not providing a service we expect and rely on.
And if your reason is because it's hard behind Cloudflare, well, you're telling on yourself twice.
If you are a GitHub Enterprise Server customer, you will need to take action. GitHub announced that one of the keys compromised by the threat actor breach was a signing key.
https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/
@briankrebs can we get a piece on the state of package/plugin/extensions Marketplaces being unconscionably behind on hygiene controls that have resulted in these supply chain worms?
Lack of MFA for publishers, lack of hygiene control on 3rd party submitted content, lack of cool down timers on packages/clients to protect themselves from rapidly spreading infections.
The whole framework has been ripe for exploitation. The garden has been left poorly tended we are now subject to the invasion of the worms as a result.
@zombie042 I agree!
Lets change the story!
Give devs the time to Ship Higher Quality Code! Hold product owners accountable for setting tight arbitrary due dates on feature releases.
Move the slider on rewards and incentives from shipping features fast, to shipping quality products!
Move the slider to the left from BugBounty payments, to BugFix payments!
Visual Studio Code Extensions lack a means of enforcing a minimum age to protect against updates that spread worms. There is a feature request to compel Microsoft to add this festure functionality, it only has 212 likes today.
Please help give it a BIG signal boost!
In the last years, supply chain attacks have increased dramatically. A few examples in the VS Code extension ecosystem: AI-Slop ransomware test sneaks on to VS Code marketplace - BleepingComputer M...
BiaSciLab
Kevin Beaumont
Taggart 
