73 Microsoft GitHub repositories impacted by Miasma malware
A supply chain compromise involving the Miasma malware affected 73 Microsoft GitHub repositories after initially compromising a Red Hat employee's GitHub account. The malware planted a payload runner directly into multiple public repositories, which executes automatically when cloned and opened in certain AI development tools. The compromised repositories include critical Microsoft projects such as Azure Functions Host and components across multiple programming languages. Red Hat confirmed the compromise originated from unauthorized commits in their GitHub organization and has removed affected package versions from npm. No customer action is currently required as Red Hat's deployment process prevents the malicious code from reaching production environments. The investigation is ongoing.
AI Analysis (machine-generated threat intelligence)
Technical Summary
The Miasma malware worm began by compromising a Red Hat employee's GitHub account, injecting malicious payload runners into multiple public repositories under the @redhat-cloud-services npm namespace. This payload executes automatically when infected repositories are cloned and opened in AI development tools like Claude Code, Gemini CLI, and Cursor. The worm self-replicated and spread into Microsoft's GitHub organizations, impacting over 70 repositories including core tools such as Azure/azure-functions-host and the durabletask ecosystem spanning .NET, Go, Java, JavaScript, MSSQL, and Python. Red Hat's investigation confirmed unauthorized commits in their GitHub organization and removed compromised package versions from npm. Their build and deployment processes prevent the malicious code from reaching production environments like the Hybrid Cloud Console. Red Hat continues to analyze the impact and has stated no customer action is required at this time.
Potential Impact
The malware compromised multiple public GitHub repositories, including critical Microsoft projects, by injecting payload runners that execute in AI development environments. This could lead to unintended code execution when developers clone and open infected repositories in specific AI tools. However, Red Hat's deployment protections prevented the malicious code from reaching production environments. No evidence currently indicates that customer environments or Red Hat managed cloud services were affected. The compromised repositories have been disabled by GitHub to prevent further spread.
Mitigation Recommendations
Red Hat has removed the compromised package versions from npm and disabled affected repositories on GitHub. Their deployment process strips installation-time scripts, preventing the malicious code from reaching production. Red Hat advises that no customer action is currently required. Organizations should monitor official Red Hat advisories for updates as the investigation continues. Developers should avoid cloning or using the affected repositories until they are confirmed clean or restored.
Reddit Discussion
The worm initially struck the redhat-cloud-services npm namespace by compromising a Red Hat employee’s GitHub account.
It skipped the npm registry entirely for several targets, planting a payload runner straight into multiple public repos. The dropper then automatically executes when an infected repository is cloned and opened inside AI dev tooling like Claude Code, Gemini CLI and Cursor.
The self-replicating worm fully spread into Microsoft's GitHub orgs. Over 70 repositories are already known to be compromised and subsequently disabled by GitHub. If you click into the below repos you'll still see the same error notification for the entire weekend.
This includes core tools like Azure/azure-functions-host and the entire ecosystem surrounding durabletask (spanning .NET, Go, Java, JS, MSSQL, and Python).
Short blog post on the Miasma malware:
https://cloudsmith.com/blog/miasma-worms-path-of-destruction
Technical Details
- Source Type
- Subreddit: cybersecurity
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":30,"reasons":["external_link","newsworthy_keywords:malware","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["malware"],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a268c65e29bf47b50cd0745
Added to database: 6/8/2026, 9:33:25 AM
Last enriched: 6/8/2026, 9:33:35 AM
Last updated: 6/9/2026, 6:30:06 AM