Microsoft hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
A Microsoft GitHub repository removal incident in June 2026 disrupted continuous integration pipelines and briefly broke Azure/functions-action workflows used by developers. Microsoft later said it had temporarily removed some GitHub repositories while investigating potential malicious content, then restored some repos and kept others offline during the review. The incident was tied to a broader Miasma supply-chain campaign that compromised 73 open-source projects to inject an information stealer and prompted Microsoft to notify a small number of customers who may have pulled content from the affected repositories.
Cases
Related Happenings
Miasma software supply chain campaign expands to new PyPI wave
Campaign
H score29
First: 09.06.2026 19:34
Last: 09.06.2026 19:34
Sources 1
How related:
The findings are the latest in a sustained software supply chain campaign that has breached widely used open-source packages to plant malware capable of propagating to downstream users and beyond.
About this happening:
The **Miasma** supply-chain campaign has expanded into a new **PyPI** wave, increasing the risk that developers and downstream users will ingest **information-stealing malware** t...
Miasma software supply chain campaign expands to new PyPI wave
CampaignHow related: The findings are the latest in a sustained software supply chain campaign that has breached widely used open-source packages to plant malware capable of propagating to downstream users and beyond.
About this happening: The **Miasma** supply-chain campaign has expanded into a new **PyPI** wave, increasing the risk that developers and downstream users will ingest **information-stealing malware** t...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
Campaign
H score83
First: 06.06.2026 09:58
Last: 06.06.2026 09:58
Sources 1
How related:
In a report this week, software supply chain management company Cloudsmith concluded that Microsoft's Azure environment on GitHub and the 'durabletask' repository were compromised via Miasma, which targeted AI coding tools (e.g., Claude Code, Gemini CLI, VS Code, Cursor).
About this happening:
The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Miasma self-replicating supply chain attack campaign targeting open-source repositories
CampaignHow related: In a report this week, software supply chain management company Cloudsmith concluded that Microsoft's Azure environment on GitHub and the 'durabletask' repository were compromised via Miasma, which targeted AI coding tools (e.g., Claude Code, Gemini CLI, VS Code, Cursor).
About this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...
Anthropic Claude Code GitHub Action bypass fix (v1.0.94)
Security Patch Release
H score43
First: 04.06.2026 18:15
Last: 04.06.2026 18:15
Sources 1
About this happening:
Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...
Anthropic Claude Code GitHub Action bypass fix (v1.0.94)
Security Patch ReleaseAbout this happening: Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...
Red Hat npm Namespace Hijacked in Supply Chain hit by cyberattack
Incident
H score13
First: 01.06.2026 20:40
Last: 01.06.2026 20:40
Sources 1
About this happening:
**Red Hat's** official npm namespace was hijacked in a **supply chain attack** that republished **32 packages** in the **@redhat-cloud-services** scope on **June 1**; the maliciou...
Red Hat npm Namespace Hijacked in Supply Chain hit by cyberattack
IncidentAbout this happening: **Red Hat's** official npm namespace was hijacked in a **supply chain attack** that republished **32 packages** in the **@redhat-cloud-services** scope on **June 1**; the maliciou...
Microsoft CVD response for Windows Defender and BitLocker
Advisory/Mitigation
H score47
First: 28.05.2026 16:53
Last: 28.05.2026 16:53
Sources 1
About this happening:
**Microsoft** is urging **Coordinated Vulnerability Disclosure (CVD)** and says it is developing **security updates** for **Windows components including Defender and BitLocker** a...
Microsoft CVD response for Windows Defender and BitLocker
Advisory/MitigationAbout this happening: **Microsoft** is urging **Coordinated Vulnerability Disclosure (CVD)** and says it is developing **security updates** for **Windows components including Defender and BitLocker** a...
Timeline
-
09.06.2026 18:42 2 articles · 3d ago
GitHub removes 73 Microsoft repositories amid suspected Miasma/Shai-Hulud compromise
Initial DisclosureGitHub removed 73 Microsoft repositories across the Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on June 5 after concerns about potential malicious content linked to a Miasma/Shai-Hulud supply-chain campaign. The removal disrupted continuous integration pipelines and broke Azure/functions-action workflows used to deploy Azure Functions.
Show sources
- GitHub disables Microsoft repos pushing password-stealing malware — www.bleepingcomputer.com — 09.06.2026 18:42
- GitHub disables Microsoft repos pushing password-stealing malware — www.bleepingcomputer.com — 09.06.2026 18:42
-
09.06.2026 18:42 2 articles · 3d ago
Microsoft restores affected GitHub repositories and notifies customers
Mitigation Patch UpdateMicrosoft later restored the affected repositories and said it had notified a small number of customers who may have pulled down content from those repositories. The company said it had temporarily removed some repositories while investigating potential malicious content and would continue to investigate any further customer action needed.
Show sources
- GitHub disables Microsoft repos pushing password-stealing malware — www.bleepingcomputer.com — 09.06.2026 18:42
- Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues — thehackernews.com — 09.06.2026 19:34