Miasma software supply chain campaign expands to new PyPI wave
Campaign
Summary
The Miasma supply-chain campaign has expanded into a new PyPI wave, increasing the risk that developers and downstream users will ingest information-stealing malware through trusted open-source packages. The latest cluster adds 23 packages and shows that the operators are changing delivery methods rather than relying on a single implant format.
Related Happenings
Microsoft hit by cyberattack
Incident
First: 09.06.2026 18:42
Last: 09.06.2026 18:42
Sources 1
How related:
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code.
About this happening:
A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Vpmdhaj npm preinstall credential-harvest campaign
Campaign
First: 29.05.2026 12:11
Last: 29.05.2026 12:11
Sources 1
About this happening:
A new **vpmdhaj** supply-chain campaign has surfaced in **14 malicious npm packages** that use a **preinstall credential harvester** to steal **AWS credentials**, **HashiCorp Vaul...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
How related:
The development comes days after the Windows maker cut off access to dozens of its open-source projects hosted on GitHub following reports that they were compromised as part of an ongoing software supply chain campaign codenamed Miasma.
About this happening:
The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Latest development: 09.06.2026 18:42
On June 5, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after concerns about potential malicious content tied to the Miasma/Shai-Hulud supply-chain campaign. The action disrupted continuous integration pipelines and broke workflows that depended on Azure/functions-action, while Microsoft said it temporarily removed some repositories during its investigation.
Shifty Corsair evolves open-source supply-chain tradecraft with fake firms, layered packages, and AI-assisted deception
Threat Actor Meta
First: 29.04.2026 17:43
Last: 29.04.2026 17:43
Sources 1
About this happening:
**Shifty Corsair** has expanded its operating model into a more convincing developer-lure ecosystem, increasing the risk of open-source supply-chain compromise against **Web3** ta...
Famous Chollima PromptMink supply-chain campaign targeting Web3 developers
Campaign
First: 29.04.2026 17:43
Last: 29.04.2026 17:43
Sources 1
About this happening:
The **PromptMink** campaign is widening **Famous Chollima**'s supply-chain intrusion playbook by pushing **tainted npm packages** into developer environments and stealing secrets....
Timeline
- 09.06.2026 19:34 · 2 articles
Miasma supply-chain campaign expands to 23 more PyPI packages
Campaign Scope Update
Microsoft temporarily removed some GitHub repositories after 73 open-source projects were compromised to inject an information stealer, while the broader Miasma, Mini Shai-Hulud, and Hades activity also spread into a new PyPI wave that added 23 packages. The campaign uses multiple delivery methods, including executable .pth startup hooks, trojanized .abi3.so extensions, and a loader that searches sys.path for _index.js, and the payloads target developer workstations and CI/CD environments to harvest secrets and exfiltrate them to a public GitHub repository.
Show sources
- Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues — thehackernews.com — 09.06.2026 19:34
- Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues — thehackernews.com — 09.06.2026 19:34
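For defenders triaging a Python environment against two of the delivery methods named in the timeline entry above, the following audit sketch lists `.pth` lines in the form the interpreter executes at startup and any `_index.js` file reachable from `sys.path`. It is an added example, not code from the cited reporting; the function names and the temporary directory layout in `demo()` are constructed for illustration.

```python
import os
import sys
import tempfile


def executable_pth_lines(directory):
    """Return (path, line_no, text) for .pth lines in the form site.py executes."""
    hits = []
    for name in sorted(n for n in os.listdir(directory) if n.endswith(".pth")):
        path = os.path.join(directory, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            for no, line in enumerate(fh, 1):
                # site.py executes lines starting with "import" + space/tab; others only extend sys.path.
                if line.startswith(("import ", "import\t")):
                    hits.append((path, no, line.strip()))
    return hits


def find_index_js(directory):
    """Return every file named _index.js below the directory."""
    return sorted(os.path.join(root, f)
                  for root, _dirs, files in os.walk(directory)
                  for f in files if f == "_index.js")


def audit(paths=None):
    """Scan each existing directory in paths (default: sys.path)."""
    report = {"pth": [], "index_js": []}
    for d in (sys.path if paths is None else paths):
        if os.path.isdir(d):
            report["pth"] += executable_pth_lines(d)
            report["index_js"] += find_index_js(d)
    return report


def demo():
    """Audit a constructed, harmless site-packages layout in a temp dir."""
    with tempfile.TemporaryDirectory() as sp:
        with open(os.path.join(sp, "paths_only.pth"), "w") as fh:
            fh.write("# comment\n/opt/extra/lib\n")
        with open(os.path.join(sp, "hook.pth"), "w") as fh:
            fh.write("import os; os.environ.setdefault('DEMO', '1')\n")
        os.makedirs(os.path.join(sp, "pkg"))
        open(os.path.join(sp, "pkg", "_index.js"), "w").close()
        r = audit([sp])
        return [(os.path.basename(p), n) for p, n, _ in r["pth"]], len(r["index_js"])


if __name__ == "__main__":
    print(audit())
```

Legitimate tooling also ships executable `.pth` lines, so the output is a review list to compare against a known-good baseline, not a verdict.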