Wednesday, June 10, 2026

Miasma in the Toolchain: How 73 Microsoft Repos Fell in 105 Seconds

by Owen Radner

On June 5, 2026, GitHub’s automated anti-fraud system disabled 73 Microsoft-owned repositories across two automated sweeps lasting a total of 105 seconds. The repositories spanned four major Microsoft organisations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. The attack that triggered the shutdowns began earlier: a malicious commit, pushed to the Azure/durabletask repository on June 5 using a compromised contributor account, introduced configuration files that activated a credential-harvesting payload when developers opened the repository inside AI coding tools, including Claude Code, Gemini’s command-line interface, Cursor, and VS Code. Microsoft confirmed it pulled the repositories after the breach reached wider attention. YourNewsClub treats the 105-second GitHub automated response as an operational success and the original credential compromise as the deeper institutional failure – the entry point was a developer account whose credentials were not fully rotated or repaired after a prior compromise in May.

The malware responsible is called Miasma. It belongs to a class of self-replicating credential-stealing worms built on the Mini Shai-Hulud codebase, which a hacking group called TeamPCP open-sourced. When a developer opens a Miasma-infected repository inside an AI coding environment, the malware immediately harvests credentials for cloud platforms and developer tools, then uses those credentials to propagate itself into any other repository or package the infected environment can access. That self-replication mechanism is what makes the attack significant beyond the initial 73 repositories: a single compromised developer environment can cascade into upstream package dependencies and downstream project forks before the initial compromise is detected.

The May 2026 precursor is the detail that demands attention. In May, a Python package for the Durable Task Framework – part of the Azure ecosystem – was compromised by Miasma. Microsoft identified and removed the affected packages from PyPI. Cloudsmith, one of the first firms to flag the June attack, noted: “The fact that the exact same ecosystem that was down last month is now completely down this month suggests that there is a deeper problem, and it is highly likely that the original credentials used in May were not fully rotated or repaired.” That is a direct statement that remediation after the May incident was incomplete. YourNewsClub considers the incomplete credential rotation the most operationally consequential failure in this incident, because it transformed a solved problem into a second, larger one.

Owen Radner, who models digital infrastructure as a system of energy and information transport, draws the architectural implication: “Supply chain attacks on developer tooling are not product vulnerabilities – they are infrastructure attacks. The target is not the application a developer ships. The target is the environment a developer trusts while shipping. Once you compromise Claude Code or VS Code’s package context, you own every credential that environment touches. That is a different threat model than patching a bug in a deployed application.” The attack coincides with the wider deployment of AI coding tools across enterprise development teams, which has expanded the attack surface for exactly this category of supply chain compromise.

The unresolved question is volume. Microsoft has not disclosed how many developers downloaded the affected tools during the period the malicious commit was active. The number of affected accounts will determine whether this is a targeted credential harvest or a broad-based developer credential leak that feeds into subsequent infrastructure attacks. YourNewsClub will track any Microsoft disclosure on affected account numbers, any reports of follow-on access using harvested credentials, and whether the Miasma worm surfaces in additional package ecosystems before the end of June.

The timing of the attack – arriving in the same week as major AI IPO filings and a record AI coding tool adoption cycle – is an uncomfortable reminder that expanding the developer toolchain also expands the attack surface. YourNewsClub places incomplete credential rotation after a known compromise as the single most preventable failure category in this entire class of supply chain attack.
