GitHub Disables 73 Microsoft Repos After Miasma Worm
Key insights
- GitHub disabled 73 repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs after the Miasma worm compromised authenticated maintainer accounts.
- A 4.3 MB payload auto-executes through Claude Code, Gemini CLI, Cursor, VS Code, and npm test scripts when developers open infected repositories.
- TeamPCP's durabletask PyPI package, first compromised in May 2026, was re-compromised in June, confirming persistent threat-actor access.
Why this matters
The attack vector targets five widely adopted developer tools, meaning any engineer who opened an affected repository in Claude Code, Gemini CLI, Cursor, or VS Code may have silently executed the 4.3 MB payload. The re-compromise of the durabletask PyPI package, infected in May 2026 by TeamPCP and hit again in June, shows that threat actors can maintain persistent footholds across PyPI and GitHub organizations simultaneously. For SDK maintainers and AI tooling vendors, the Miasma worm demonstrates that abuse of signed-and-authenticated trust models can spread far enough to force the disabling of 73 repositories across four Microsoft organizations before detection.
Summary
GitHub pulled 73 repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs after the Miasma worm spread via authenticated maintainer accounts and valid keys.
Miasma's 4.3 MB payload fires automatically in Claude Code, Gemini CLI, Cursor, VS Code, and npm scripts when a developer opens an infected repo.
In short: TeamPCP, the actor behind the May 2026 durabletask PyPI compromise, is back, this time inside Microsoft's GitHub organizations. Researcher Paul McCarty: "the same wound reopening."
- Stolen secrets published to 82 repos tagged "Miasma: The Spreading Blight" and 13 under "Hades - The End for the Damned."
- Named repos include azure-search-openai-demo-purviewdatasecurity, llm-fine-tuning, and durabletask (dotnet/Go/JS/MSSQL).
Payload delivery via trusted developer tools marks an escalation from registry-level poisoning.
Potential risks and opportunities
Risks
- Developers who opened any of the 73 disabled repositories in Claude Code, Gemini CLI, Cursor, or VS Code may have active credential exposure without awareness.
- TeamPCP's confirmed re-access to durabletask after initial May 2026 cleanup suggests other PyPI packages in the same ecosystem could be re-compromised within weeks.
- Stolen secrets published across 82 "Miasma: The Spreading Blight" repositories may still be live and accessible, representing an ongoing exfiltration risk for affected organizations.
Opportunities
- Supply chain security vendors offering continuous repo-integrity scanning are positioned to capture new budget from Azure and MicrosoftDocs teams directly citing this incident.
- Developer tool vendors behind Claude Code, Gemini CLI, Cursor, and VS Code face immediate demand for workspace-level sandboxing that prevents auto-executing payloads on repo open.
- GitHub can use this incident to accelerate mandatory signing-key rotation policies and anomalous-push detection for large organizations like Azure and MicrosoftDocs on its platform.
What we don't know yet
- Whether the 82 repos tagged "Miasma: The Spreading Blight" have been fully audited and taken down by GitHub, or whether harvested secrets remain publicly accessible.
- What specific secrets were extracted from the 73 disabled repositories and whether any developer tokens or API keys obtained remain active.
- How TeamPCP maintained access to the durabletask ecosystem between the May 2026 and June 2026 compromises without triggering any detection or alerts.
Originally reported by The Hacker News
Original headline: Miasma Worm Escalates to Microsoft GitHub — 73 Azure and SDK Repos Disabled After AI Coding Tool Credential Harvesting