The gist: A self-replicating worm compromises 73 Microsoft repositories through stolen administrative credentials, exploiting the trust model of GitHub and npm without leveraging software vulnerabilities.
A self-replicating malware worm has compromised 73 official GitHub repositories from Microsoft across the Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations. GitHub has blocked access to the affected repositories.
The incident was documented by the OpenSourceMalware security platform and affects numerous critical systems: repositories for the Azure Functions Host, LLM fine-tuning, Windows driver documentation, and parts of the Durable Task infrastructure. Access is blocked by a notice citing a user-policy violation, which GitHub staff say they triggered.
The current attack is directly connected to a compromise from May 2026: The TeamPCP group had at that time infected the PyPI package “durabletask” with a variant of the Mini-Shai-Hulud worm to steal credentials from Linux systems. Security researchers such as Paul McCarty (pseudonym 6mile) point out that the same credentials from May remain active and have penetrated the entire Durable Task ecosystem — implementations for .NET, Go, Java, JavaScript, MSSQL, and associated monitoring tools are affected.
The malware automatically creates new public repositories with codenames such as “Miasma: The Spreading Blight” and “Hades – The End for the Damned,” in which stolen secrets are stored. The analysis company SafeDep found that the worm also compromises third-party repositories such as icflorescu/mantine-datatable and injects a 4.3-megabyte payload. This payload is executed automatically when developers open the infected project in environments such as VS Code or Cursor, or via AI assistants such as Claude Code or Gemini CLI.
Unlike classic attacks, the worm does not exploit software vulnerabilities in GitHub or npm. Instead, it exploits the trust model of these platforms: it operates entirely within legitimate channels and signs code with valid keys from authenticated administrative accounts, which circumvents conventional defense mechanisms. The platform FalconFeeds.io describes this mechanism as a “stroke of genius” because neither npm registries nor GitHub security controls block the attack as long as the cryptographic signature and the administrator appear legitimate.
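The execution-on-open behaviour described above is something a repository can be checked for before anyone opens the checkout in an editor. The following is an added example, not code from the report or from any of the projects it names; it assumes the trigger is a VS Code/Cursor `.vscode/tasks.json` task with `"runOn": "folderOpen"` (the report does not say which mechanism the worm used), and the sample tasks file is constructed.

```python
# Added example (not from the report or any named project): flag VS Code /
# Cursor tasks set to auto-run on folder open. Assumption: the trigger is a
# .vscode/tasks.json task with "runOptions": {"runOn": "folderOpen"}.
import json
import re
import tempfile
from pathlib import Path

TASKS_FILE = Path(".vscode") / "tasks.json"

def _load_jsonc(text: str) -> dict:
    """tasks.json allows // comments and trailing commas; strip both before parsing."""
    text = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)

def find_folder_open_tasks(repo_root: Path) -> list[dict]:
    """Return label, type and command line of every task VS Code starts on folder open."""
    tasks_path = repo_root / TASKS_FILE
    if not tasks_path.is_file():
        return []
    config = _load_jsonc(tasks_path.read_text(encoding="utf-8"))
    hits = []
    for task in config.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue  # ordinary task: only runs when a developer invokes it
        parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
        hits.append({"label": task.get("label", "<unnamed>"), "type": task.get("type"),
                     "command": " ".join(parts).strip()})
    return hits

def build_sample_repo() -> Path:
    """Constructed sample checkout: one ordinary build task and one folder-open task."""
    root = Path(tempfile.mkdtemp(prefix="sample-repo-"))
    (root / ".vscode").mkdir()
    (root / TASKS_FILE).write_text("""{
  // constructed tasks.json, not taken from any real repository
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build" },
    { "label": "setup", "type": "shell", "command": "node", "args": ["./scripts/setup.js"],
      "runOptions": { "runOn": "folderOpen" }, },
  ]
}""", encoding="utf-8")
    return root

if __name__ == "__main__":
    for hit in find_folder_open_tasks(build_sample_repo()):
        print(f"auto-run task {hit['label']!r} ({hit['type']}): {hit['command']}")
```

VS Code's Workspace Trust already refuses to start such tasks while a folder is in Restricted Mode; a check like this is for pipelines that inspect a checkout before any developer opens it.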
Source: www.it-daily.net · Published 10 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.