A Miasma worm campaign compromised 73 Microsoft GitHub repositories, disrupted global CI/CD workflows and evolved beyond PyPI attacks to target AI coding tools, highlighting escalating open-source supply chain risks.
A major open-source software supply chain attack has compromised 73 Microsoft GitHub repositories, primarily within Azure, disrupting CI/CD workflows worldwide and exposing a new attack path through AI developer tools.
The June 5 campaign involved Miasma, a variant of the Mini Shai-Hulud worm. GitHub automatically took the affected repositories offline for terms-of-service violations, triggering widespread disruption. One of the hardest-hit components was Azure/functions-action, a GitHub Action widely used to deploy Azure Functions. According to Open Source Malware researchers, “When GitHub disabled it (and functions-container-action alongside it), every workflow on Earth that references Azure/functions-action@v1 stopped resolving.”
StepSecurity linked the incident to Microsoft’s earlier PyPI compromise involving the official durabletask Python SDK. Three malicious versions of the package, which typically records around 400,000 downloads per month, were uploaded on May 19 before being removed approximately 35 minutes later. Researchers believe both incidents are connected to the broader TeamPCP supply chain campaign.
The latest attack marks a notable evolution in tactics. Rather than poisoning package registries, attackers planted malicious configuration files inside repositories that executed code when opened through AI coding environments, including Claude Code, Gemini CLI, Cursor and Visual Studio Code.
“The June 5 attack skips that entirely. It changed no source code; it planted config files for Claude Code, Gemini CLI, Cursor, and VS Code, all pointing at one 4.6MB payload,” said Ashish Kurmi, CTO and Co-Founder of StepSecurity.
Microsoft said the repositories have since been restored and affected customers notified while investigations continue.
