Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

The Hacker News · Industry News & Leadership · Jun 09, 2026



Ravie Lakshmanan · Jun 09, 2026 · AI Security / Software Supply Chain

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code.

"Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues."

"As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."

The development comes days after the Windows maker cut off access to dozens of its open-source projects hosted on GitHub following reports that they were compromised as part of an ongoing software supply chain campaign codenamed Miasma. Among the infected projects was "durabletask," a Python package that was first compromised last month by a cybercrime group known as TeamPCP to deliver an information stealer designed for Linux systems.

Further analysis of the Miasma payload embedded in the projects has uncovered capabilities to trigger automatic code execution when an unsuspecting developer opens the repository in an artificial intelligence (AI)-powered coding tool or integrated development environment (IDE).

The findings are the latest in a sustained software supply chain campaign that has breached widely used open-source packages to plant malware capable of propagating to downstream users and beyond. This includes a newer PyPI wave tied to the broader Mini Shai-Hulud, Miasma, and Hades waves, infecting an additional set of 23 packages, including some bioinformatics-related libraries used in graph learning, patient phenotyping, phenopacket tooling, and scientific workflows. Some of the other packages include a set of AI and Model Context Protocol (MCP)-themed packages and typosquat-style packages such as rsquests, tlask, and rlask that impersonate requests and flask, and a langchain-core-mcp. The complete list of legitimate and bait packages, with the affected versions, is below:

- dreamgen 1.8.1
- embiggen 0.11.97
- ensmallen 0.8.101
- gpsea 0.9.14
- instructor-mcp 1.15.2, 1.15.3
- langchain-core-mcp 1.4.2, 1.4.3
- mem8 6.0.1
- mflux-streamlit 0.0.3, 0.0.4
- openai-mcp 2.41.1, 2.41.2
- orchestr8-platform 3.3.2
- phenopacket-store-toolkit 0.1.7
- ppkt2synergy 0.1.1
- pyphetools 0.9.120
- ray-mcp-server 0.2.1
- rlask 3.1.7
- rsquests 2.34.3
- tiktoken-mcp 0.13.1, 0.13.2
- tlask 3.1.4

The new cluster employs a new payload delivery mechanism, per Socket, indicating that the threat actors are adapting and actively experimenting with different methods as part of what has been described as a "fast-moving supply chain campaign." While the earlier packages used executable .pth startup hooks to bootstrap Bun and run an obfuscated JavaScript stealer, the latest set incorporates different approaches:

- Trojanized native .abi3.so extensions that execute the stealer when the package is imported
- A .pth startup hook loader variant that searches sys.path for the "_index.js" payload instead of bundling the payload in the same wheel

"That last variant separates the loader from the JavaScript payload, which could make the package look less obviously malicious during static analysis," Socket told The Hacker News.

Regardless of the method used, the end result is the same. Once executed, the malware targets developer workstations and CI/CD environments, harvesting high-value secrets and exfiltrating them to a public GitHub repository.

A key capability of the bioinformatics package is its ability to derail and bypass AI-powered scanners and analyst copilots by means of an adversarial prompt injection embedded within a JavaScript block comment, a feature previously detailed by StepSecurity.

"The Hades branch of the Shai-Hulud and Miasma activity is best understood as a fast-moving supply chain campaign, not a single package incident," Socket researcher Kirill Boychenko said. "The langchain-core-mcp variant goes further by installing a .pth loader that searches sys.path for _index.js, meaning the loader and payload do not need to live in the same wheel."

Tags: AI Security, CI/CD, GitHub, Information Stealer, Malware, Microsoft, Open Source, Prompt Injection, PyPI, Software Supply Chain
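As an added example (not code from the article, Socket or StepSecurity), the following Python script audits site directories for the two .pth-based loader patterns described above: it lists .pth files carrying executable import lines, flags those that mention Bun, sys.path or _index.js, and reports stray _index.js files sitting directly on sys.path. It relies on the documented behaviour of Python's site module (a .pth line beginning with "import " is executed at interpreter startup); the sample directory and its file contents are constructed for the demo and the keyword list is an assumption to tune for your environment.

```python
import os, re, sys, tempfile

# Terms tied to the loader variants in the article: a hook that bootstraps Bun,
# or one that walks sys.path for the _index.js payload. Assumed list; tune it.
SUSPICIOUS = re.compile(r"_index\.js|\bbun\b|sys\.path", re.IGNORECASE)

def classify_pth(text):
    """Return (is_hook, is_suspicious) for one .pth file's text. site.py executes
    every line that starts with 'import '; anything else is a plain path entry."""
    hooks = [ln for ln in text.splitlines() if ln.startswith("import ")]
    return bool(hooks), any(SUSPICIOUS.search(ln) for ln in hooks)

def audit(paths=None):
    """Scan directories (default: sys.path) and return (kind, path) findings."""
    findings = []
    for d in sys.path if paths is None else paths:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            full = os.path.join(d, name)
            if name.endswith(".pth") and os.path.isfile(full):
                with open(full, encoding="utf-8", errors="replace") as f:
                    is_hook, bad = classify_pth(f.read())
                if bad:
                    findings.append(("SUSPICIOUS_PTH_HOOK", full))
                elif is_hook:  # benign hooks exist too (e.g. editable installs)
                    findings.append(("PTH_HOOK", full))
            elif name == "_index.js":  # payload sitting directly on sys.path
                findings.append(("STRAY_INDEX_JS", full))
    return findings

def build_sample_dir():
    """Constructed site-packages lookalike so the demo runs offline (not real samples)."""
    d = tempfile.mkdtemp()
    samples = {
        "plain.pth": "some_package\n",  # ordinary path entry, never executed
        "editable.pth": "import _editable_finder; _editable_finder.install()\n",
        "loader.pth": "import sys, os; _ = [p for p in sys.path if os.path.exists(os.path.join(p, '_index.js'))]\n",
        "_index.js": "// constructed placeholder, not a payload\n",
    }
    for name, text in samples.items():
        with open(os.path.join(d, name), "w") as f:
            f.write(text)
    return d

if __name__ == "__main__":
    for kind, path in audit():  # audit the running interpreter's sys.path
        print(kind, path)
```

Every PTH_HOOK finding deserves a glance, since legitimate tooling installs such hooks as well; SUSPICIOUS_PTH_HOOK and STRAY_INDEX_JS are the ones to pull for analysis.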