Security2026-06-13 · source-backed
A self-propagating supply-chain worm toolkit just leaked, and it targets the registries your agents pull from.
Story
On June 10, the modular "Miasma" attack framework leaked via compromised developer accounts in a public GitHub repo, per Rescana. It hits PyPI, npm, and RubyGems plus CI/CD systems including GitHub Actions and JFrog Artifactory, using stolen credentials to inject backdoors. The June 11 bulletin confirmed 304-plus components and 73 Microsoft GitHub repos impacted. This weaponizes the exact registries agent toolchains install from unattended. Any pipeline that runs pip install or npm install without pinning and verification is in scope.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage
North Korea Backdoored Axios. 100 Million Weekly Downloads, 3 Hours of Exposure, and a RAT on Every Platform.
Both cover GitHub, GitHub Actions, PyPI, RubyGems; overlapping topics (action, attack); earlier GitHub coverage from 2026-04-02.
The Largest npm Worm of 2026 Carries Valid Supply Chain Attestations. That's the Real Problem.
Both cover GitHub, GitHub Actions, PyPI; overlapping topics (action, attack, compromised); earlier GitHub coverage from 2026-05-13.
Shared entities / Shared topic / Earlier coverage / Tension
Self-replicating "Miasma" malware hit 70+ Microsoft open-source repos, stealing credentials the instant a repo opens in an AI tool.
Both cover GitHub, Miasma; overlapping topics (agent, attack, credential, repo); earlier GitHub coverage from 2026-06-09.
Shared entities / Shared topic / Earlier coverage
One GitHub Comment Can Steal Your API Keys From Claude Code, Gemini CLI, and Copilot
Both cover GitHub, GitHub Actions; overlapping topics (action, agent, attack); earlier GitHub coverage from 2026-05-24.
Mercor Confirms 4TB Breach via LiteLLM Supply Chain Attack. If You Use LiteLLM, Check Your Versions Now.
Both cover GitHub Actions, PyPI; overlapping topics (action, attack, compromised); earlier GitHub Actions coverage from 2026-04-01.
CISA Confirms: Your AI Security Scanner Got Backdoored. Federal Deadline Is April 8.
Both cover GitHub Actions, PyPI; overlapping topics (action, attack, credential); earlier GitHub Actions coverage from 2026-03-28.
TeamPCP Goes Multi-Ecosystem: CanisterWorm Hits npm, LAPSUS$ Collaboration Surfaces, and a Bug in the Attacker's Own Code Was the Only Thing That Caught It
Both cover GitHub Actions, PyPI; overlapping topics (action, attack, compromised); earlier GitHub Actions coverage from 2026-03-25.
Shared entities / Shared topic / What happened next
GitHub is buckling under agent load, and Microsoft is renting AWS to survive it
Both cover GitHub, GitHub Actions; overlapping topics (action, agent); picks up the GitHub thread on 2026-06-18.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — June 13, 2026
- AI generated
- no
- Story unit
- 2026-06-13-a-self-propagating-supply-chain-worm-toolkit-just-leaked-and-it-targets-the-registries-your-agen
- Labels
- source-backed, canonical briefing excerpt