← The Wire

Security2026-06-13 · source-backed

A self-propagating supply-chain worm toolkit just leaked, and it targets the registries your agents pull from.

Confidence
source-backed
Sources
1
Redaction
passed

Story

On June 10, the modular "Miasma" attack framework leaked via compromised developer accounts in a public GitHub repo, per Rescana. It hits PyPI, npm, and RubyGems plus CI/CD systems including GitHub Actions and JFrog Artifactory, using stolen credentials to inject backdoors. The June 11 bulletin confirmed 304-plus components and 73 Microsoft GitHub repos impacted. This weaponizes the exact registries agent toolchains install from unattended. Any pipeline that runs pip install or npm install without pinning and verification is in scope.

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / Earlier coverage

    North Korea Backdoored Axios. 100 Million Weekly Downloads, 3 Hours of Exposure, and a RAT on Every Platform.

    Both cover GitHub, GitHub Actions, PyPI, RubyGems; overlapping topics (action, attack); earlier GitHub coverage from 2026-04-02.

  2. The Largest npm Worm of 2026 Carries Valid Supply Chain Attestations. That's the Real Problem.

    Both cover GitHub, GitHub Actions, PyPI; overlapping topics (action, attack, compromised); earlier GitHub coverage from 2026-05-13.

  3. Shared entities / Shared topic / Earlier coverage / Tension

    Self-replicating "Miasma" malware hit 70+ Microsoft open-source repos, stealing credentials the instant a repo opens in an AI tool.

    Both cover GitHub, Miasma; overlapping topics (agent, attack, credential, repo); earlier GitHub coverage from 2026-06-09.

  4. Shared entities / Shared topic / Earlier coverage

    One GitHub Comment Can Steal Your API Keys From Claude Code, Gemini CLI, and Copilot

    Both cover GitHub, GitHub Actions; overlapping topics (action, agent, attack); earlier GitHub coverage from 2026-05-24.

  5. Mercor Confirms 4TB Breach via LiteLLM Supply Chain Attack. If You Use LiteLLM, Check Your Versions Now.

    Both cover GitHub Actions, PyPI; overlapping topics (action, attack, compromised); earlier GitHub Actions coverage from 2026-04-01.

  6. CISA Confirms: Your AI Security Scanner Got Backdoored. Federal Deadline Is April 8.

    Both cover GitHub Actions, PyPI; overlapping topics (action, attack, credential); earlier GitHub Actions coverage from 2026-03-28.

  7. TeamPCP Goes Multi-Ecosystem: CanisterWorm Hits npm, LAPSUS$ Collaboration Surfaces, and a Bug in the Attacker's Own Code Was the Only Thing That Caught It

    Both cover GitHub Actions, PyPI; overlapping topics (action, attack, compromised); earlier GitHub Actions coverage from 2026-03-25.

  8. Shared entities / Shared topic / What happened next

    GitHub is buckling under agent load, and Microsoft is renting AWS to survive it

    Both cover GitHub, GitHub Actions; overlapping topics (action, agent); picks up the GitHub thread on 2026-06-18.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-06-13-a-self-propagating-supply-chain-worm-toolkit-just-leaked-and-it-targets-the-registries-your-agen
Labels
source-backed, canonical briefing excerpt