Agents
Miasma supply-chain worm toolkit leaked on GitHub, already hitting npm/PyPI and CI/CD
On June 10, 2026, the modular 'Miasma' attack framework was leaked via compromised developer accounts in a 'Miasma-Open-Source-Release' GitHub repo. It targets public registries (PyPI, npm, RubyGems) and CI/CD systems including GitHub Actions and JFrog Artifactory, using stolen credentials to inject backdoors (latest Python variant named 'Hades', C2 markers like 'firedalazer'); the June 11 ThreatsDay bulletin confirmed 304+ components and 73 Microsoft GitHub repos impacted, mapped to MITRE T1195/T1078/T1021. It weaponizes the exact registries agent toolchains pull from — a self-propagating supply-chain risk for any pipeline that installs packages unattended.
Source
↳ Follow the thread