Miasma self-replicating supply chain attack campaign targeting open-source repositories

Campaign
Happening score (H score): 47
1 unique source, 1 article

Summary

The Miasma self-replicating supply-chain campaign has hit 73 Microsoft repositories across four GitHub organizations, forcing GitHub to disable access and raising the risk of further secret theft and repository compromise. The latest wave also re-compromised the durabletask package and spread through additional repositories, showing that the operation is still actively mutating. Its use of direct commits and a 4.3 MB payload runner means developers can trigger infection simply by cloning affected code and opening it in supported tooling.

Related Happenings

IronWorm npm supply-chain infection and self-propagation

Malware Activity
First: 04.06.2026 18:25 Last: 04.06.2026 18:25 Sources 1

About this happening: **IronWorm** is a **Rust** infostealer in an **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...

Miasma GitHub and npm supply-chain campaign

Campaign
First: 02.06.2026 00:38 Last: 02.06.2026 00:38 Sources 1

About this happening: A **Miasma** supply-chain campaign has expanded across **GitHub** and **npm**, now linked to **57 npm packages** and **more than 286 malicious versions**. The latest wave uses a *...

Latest development: 05.06.2026 21:05

A new Miasma wave is linked to 57 compromised npm packages across more than 286 malicious versions, with malicious installs abusing a 157-byte binding.gyp file for code execution during npm install and then staging additional payloads that inject persistent backdoor files into project repositories and target AI-assisted IDE workflows.

Vpmdhaj npm preinstall credential-harvest campaign

Campaign
First: 29.05.2026 12:11 Last: 29.05.2026 12:11 Sources 1

About this happening: A new **vpmdhaj** supply-chain campaign has surfaced in **14 malicious npm packages** that use a **preinstall credential harvester** to steal **AWS credentials**, **HashiCorp Vaul...

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
First: 28.05.2026 10:54 Last: 28.05.2026 10:54 Sources 1

About this happening: A **JINX-0164** campaign is targeting **cryptocurrency firms** and developers with **LinkedIn recruiter lures**, a fake meeting-and-fix workflow, and **macOS malware** to steal cr...

AUDIOFIX and MiniRAT macOS malware activity

Malware Activity
First: 28.05.2026 10:54 Last: 28.05.2026 10:54 Sources 1

About this happening: The **AUDIOFIX** and **MiniRAT** malware activity is targeting **cryptocurrency firms** and **developer infrastructure** on **macOS** with **LinkedIn recruiter** lures, a fake mee...

Timeline

  1. 06.06.2026 09:58 · 2 articles

    Miasma campaign hits 73 Microsoft GitHub repositories

    Initial Disclosure

    The ongoing Miasma self-replicating supply-chain campaign affects 73 Microsoft repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs, and GitHub disables access to the compromised repositories after a terms-of-service violation is detected on Azure/azure-functions-host.
