Microsoft disabled over 70 internal GitHub repositories following a self-replicating Miasma worm compromise. GitHub executed an automated sweep to remove the repositories on June 5, 2026. The affected assets span four Microsoft organizations, including Azure. Microsoft confirmed the temporary removal while investigators analyze potential malicious content.
The Miasma worm executes automatically when developers open compromised repositories using Claude Code or Gemini CLI. The malware also targets standard developer tools such as VS Code. Attackers used compromised contributor credentials to push malicious code disguised as routine updates. The worm harvests cloud platform credentials to spread across other accessible repositories.