Post
CRITICAL ⚡ MUST-KNOW

Microsoft GitHub Repos Compromised to Push Password-Stealing Malware (Miasma)

· supply-chain · malware · github · microsoft · data-breach

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs GitHub organizations after attackers injected an information stealer into open-source project code. The incident, part of an ongoing probe dubbed Miasma, disrupted continuous integration pipelines for downstream consumers of the compromised repos. Microsoft confirmed it is restoring some repositories while keeping others offline as the investigation continues. Any developer or organization consuming packages or workflows from the affected Microsoft GitHub orgs in the past several days should audit their dependency graphs and build artifacts for the infostealer payload. This is a supply-chain compromise of a major OSS maintainer — downstream impact may be broad.