logo

Miasma Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds

ID: 8195de5a-eea8-5a62-8ead-1e2a438816db

STIX ID: report--8195de5a-eea8-5a62-8ead-1e2a438816db

Feed Name: OpenSourceMalware Blog

Threat Score
85/100

Date Published: 2026-06-06

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

On June 5, 2026 GitHub automated enforcement disabled 73 Microsoft repositories across four orgs within 105 seconds (flagged as TOS violations), causing global CI breakage for consumers of Azure functions actions. The takedown centers on the durabletask ecosystem — previously compromised via malicious PyPI packages tied to stolen GitHub Actions secrets and attributed to TeamPCP — and is plausibly linked to Miasma, a worm that harvests Azure/GCP credentials and creates attacker-controlled repos and JSON-secret commits; the report details affected repos, impact, and immediate mitigation steps.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.