The Miasma Worm Source Code Briefly Leaked on GitHub

The report describes the brief public leak of Miasma — a sophisticated, self‑propagating credential‑stealing worm used in supply‑chain attacks across npm, PyPI, and Go — noting infections that impacted major packages and cascaded into breaches at organizations such as GitHub, Grafana, and OpenAI; the availability of its source code raises the risk of rapid proliferation and lower‑skill actors adopting the tool, and the report provides defensive recommendations (audit dependencies, rotate secrets, enable 2FA, monitor outbound connections, lock dependency versions).