Cyber Worm “Miasma” Poisons GitHub, Open-Source Ecosystem And AI Coding Tools – Open Source For You



The highly contagious “Miasma” software supply chain worm is aggressively compromising developer environments by hijacking GitHub Actions workflows and planting malicious configuration hooks that weaponise local AI coding agents.

The Miasma malware campaign represents a critical escalation in software supply chain security, functioning as a highly contagious, self-propagating worm that explicitly targets developers, package registries, and cloud pipelines. Initially derived from the open-source Mini Shai-Hulud toolkit published in mid-May 2026, the worm abandons traditional ransomware tactics in favour of an automated ecosystem flywheel.

It infects development environments, harvests authentication keys, and immediately weaponises those stolen credentials to poison downstream repositories, package namespaces, and organisations in an exponential loop. Operating inside legitimate development workflows, the malware easily evades traditional software bill-of-materials and static code analysis tools.

Early waves hijacked Red Hat employee credentials to push backdoored packages directly into the @redhat-cloud-services npm registry using trusted OpenID Connect publishing pipelines, yielding authentic cryptographic signatures. Later variants used a “Phantom Gyp” technique via binding.gyp files to trigger execution on install, alongside malicious configuration hooks tailored for AI coding tools like Claude Code, Cursor, and Gemini CLI.

The moment a developer interacts with a poisoned repository using their AI agent, the tooling automatically executes the malware payload without requiring manual package installation. Once active on a local workstation or cloud-hosted runner, the payload aggressively extracts repository secrets by scanning runner memory directly, while vacuuming cloud control plane access keys from AWS, Azure, and Google Cloud metadata services.

“On June 24, 2026 at 15:39:06 UTC, an attacker force-pushed a malicious commit to codfish/semantic-release-action and redirected multiple version tags to point at the malicious commit,” said StepSecurity. The blast radius has severely impacted core open-source infrastructure, forcing GitHub security staff to disable 73 Microsoft-affiliated repositories to halt a rapid infection chain. Threat intelligence confirms that the Miasma toolkit has actively expanded its territory beyond the JavaScript and Python ecosystems, successfully jumping boundaries to compromise the Go module architecture and cloud-native serverless systems.
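The tag-redirection attack StepSecurity describes only works against workflows that reference an action by a mutable tag or branch. The following added script (not from the article, StepSecurity, or any named project) scans a GitHub Actions workflow for `uses:` references that are not pinned to a full commit SHA or image digest; the workflow text is constructed for the example.

```python
import re

# Constructed sample workflow (not taken from the article). It mixes a
# tag-pinned and a SHA-pinned reference to the action named in the quote.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: codfish/semantic-release-action@v3
      - uses: codfish/semantic-release-action@0123456789abcdef0123456789abcdef01234567 # v3.x
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

# Matches the value of every `uses:` key, stopping at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses: str) -> str:
    """Return 'local', 'sha' (immutable) or 'mutable' for one uses: value."""
    uses = uses.strip("'\"")
    if uses.startswith("./"):
        return "local"          # checked out with the repo; not re-resolved
    if uses.startswith("docker://"):
        return "sha" if "@sha256:" in uses else "mutable"   # tag vs digest
    if "@" not in uses:
        return "mutable"        # no ref at all resolves to the default branch
    _, ref = uses.rsplit("@", 1)
    return "sha" if SHA_RE.match(ref) else "mutable"


def find_unpinned_actions(workflow_text: str) -> list[str]:
    """Return every reference a force-pushed tag or branch could redirect."""
    return [u for u in USES_RE.findall(workflow_text)
            if classify_ref(u) == "mutable"]


if __name__ == "__main__":
    for ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print("unpinned:", ref)
```

Pinning to a SHA does not protect against a compromised commit that was pinned deliberately, so pair this check with reviewing the pinned commit's provenance.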