Miasma worm spreads to 73 Microsoft GitHub repos

The self-replicating Miasma worm infected dozens of Microsoft repositories on June 6, prompting GitHub to disable them and warn developers.

The Miasma worm hit 73 Microsoft GitHub repositories on June 6, 2026.

GitHub disabled the affected repos across four Microsoft organisations — Azure, Azure‑Samples, Microsoft and MicrosoftDocs — after the worm inserted code that silently harvests developer credentials. The malicious script replicates by forking the infected repository, adding the payload, and then creating pull requests to propagate further (The Next Web). Remediation steps include revoking compromised tokens, rotating all affected credentials, and scanning repos with a clean‑room build to remove the injected code.

The incident shows supply‑chain attacks can reach even the target’s own codebases, forcing organizations to treat internal repos with the same scrutiny as third‑party dependencies.

GitHub says the worm is now quarantined, but the episode underlines the need for continuous credential hygiene.

The Revision

Written by an AI system from the public sources credited above.