Microsoft has faced a significant security challenge as the Miasma worm has targeted its GitHub repositories. This attack, part of a larger self-replicating supply chain campaign, has disrupted 73 repositories across four Microsoft GitHub organizations, including Azure and MicrosoftDocs, as reported by OpenSourceMalware. The breach has led GitHub to restrict access to these repositories, citing a breach of its terms of service.
Impact on Microsoft Repositories
The affected repositories sit in organizations such as Azure and MicrosoftDocs, with Azure/azure-functions-host specifically highlighted by GitHub as inaccessible due to policy violations. Other impacted repositories include ‘azure-search-openai-demo-purviewdatasecurity’ and ‘durabletask’. This incident underscores the vulnerability of even major tech giants to cybersecurity threats.
Re-Compromise of the Durabletask Package
A critical aspect of this attack is the re-compromise of the ‘durabletask’ PyPI package, initially breached by TeamPCP to deploy information-stealing malware on Linux systems. According to security researcher Paul McCarty, the attack extended across multiple related repositories, a recurring security lapse that suggests credentials were not fully revoked after previous incidents.
Evolution of the Miasma Worm
The Miasma worm is believed to be an evolved form of the Mini Shai-Hulud worm, first released by TeamPCP in mid-May 2026. This worm has adapted its tactics, creating new repositories under misleading names such as ‘Miasma: The Spreading Blight’ and ‘Hades – The End for the Damned.’ This adaptability has allowed it to evade traditional defenses and continue spreading across the GitHub ecosystem.
In addition to targeting GitHub repositories, the Miasma worm bypasses npm registry checks, embedding malicious code directly into several repositories such as ‘icflorescu/mantine-datatable.’ By exploiting the trust placed in legitimate software distribution channels, the worm effectively undermines the open-source software supply chain.
Implications for Software Security
The Miasma worm attack highlights fundamental weaknesses in the trust model of open-source software distribution. Unlike typical attacks that exploit vulnerabilities, Miasma leverages the inherent trust in signed and authenticated packages, making it difficult to detect. As FalconFeeds.io notes, the worm operates within legitimate channels, blurring the lines between authentic and malicious activities.
This incident serves as a stark reminder of the vulnerabilities in our software supply chains and the need for robust security measures. As the tech industry continues to grapple with these challenges, improving trust models and enhancing security protocols remain critical priorities.
