Miasma Worm: the supply chain attack that hit 73 Microsoft repositories on GitHub

A self-replicating worm called Miasma has compromised 73 Micros
A sophisticated supply chain attack, dubbed Miasma, has compromised 73 Microsoft repositories on GitHub, including critical ones for Azure and MicrosoftDocs. This self-replicating worm, a variant of Mini Shai-Hulud, exploits trust in development ecosystems rather than technical vulnerabilities, making malicious updates indistinguishable from legitimate ones. A particularly concerning aspect is its detonation vector, which leverages AI development tools to automatically execute malicious payloads when a developer clones and opens an infected repository.

AI IMPACT: Introduces a novel attack vector where AI development tools become unwitting conduits for malware execution, posing a new risk to software supply chains.