Microsoft GitHub Repositories Compromised by Miasma Worm in Supply Chain Attack
Microsoft shut down more than 70 of its own GitHub repositories after the Miasma worm compromised them in a 105-second sweep on June 5, 2026. The self-replicating malware, assessed to be a variant of the Mini Shai-Hulud worm, planted malicious content designed to harvest credentials from developers using AI coding agents like Claude Code and Gemini CLI. The attack involved a malicious commit pushed to the Azure/durabletask repository, introducing configuration files to execute a credential-harvesting payload.
Signal context
First seen: Jun 5, 2026
Last updated: Jun 29, 2026
Status: Public signal
Key points
- 73 Microsoft GitHub repositories across four organizations were compromised.
- The attack occurred on June 5, 2026, in a 105-second sweep.
- The Miasma worm, a self-replicating malware, was used.
Signal analysis
This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch ransomware, endpoint compromise and business interruption exposure.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data, Server or cloud data store
- 32 signals in the same sector
- 97 signals with the same likely impact area
- 2 signals linked to this organization/domain
Related signals
Grouped by why the signal is relevant.
Microsoft Accused of Leaking Dutch Civil Servants' Data to US Government
Microsoft has been accused of leaking data belonging to Dutch civil servants, who work for regulatory agencies implementing EU digital regulations, to the US House of Representatives. The leaked data, reported on May 28, 2026, includes emails, minutes, and invitations with unredacted names. This incident is reportedly linked to the US Cloud Act, which requires American tech companies to share data with the US government.
eogb.co.uk Hit by Stormous Ransomware Group
eogb.co.uk, a UK-based organization, was claimed as a victim by the Stormous ransomware group. The incident was discovered on June 28, 2026, at 21:29 UTC, and involved deep access to Microsoft Dynamics GP, internal legal documents, partnership agreements, customer contracts, operational spreadsheets, financial reports, and executive documents.
Latvijas Valsts Mezi (LVM) Suffers Cybersecurity Breach
Latvia's state-owned company Latvijas Valsts Mezi (LVM) confirmed a cybersecurity breach of its IT systems, reported on June 26, 2026. The incident, discovered around June 22, led to hackers accessing LVM's IT infrastructure. External IT systems, including 'LVM GEO' and the 'Mednis' hunting app, were taken offline, along with some internal communication systems. A foreign ransomware group claimed responsibility for the attack, which raised concerns due to LVM's role in developing an electoral IT platform for Latvia's parliamentary elections.
KDDI Corporation Data Breach Exposes up to 14.2 Million Email Logins
Japanese telecommunications operator KDDI Corporation disclosed a data breach in which threat actors gained unauthorized access to one of its email systems. This system was also used by five other internet service providers (ISPs) in Japan. The company discovered the compromise on June 17, 2026, and responded by blocking the attacker and implementing defensive measures. The investigation determined that hackers exploited a vulnerability in unnamed third-party software. Up to 14.2 million email addresses and passwords, including those of current, former, and inactive customers, may have been exposed. Some passwords were stored in hashed and/or encrypted form, but the company did not specify the encryption type or the percentage of plaintext passwords. KDDI has reported the incident to Japanese privacy and telecommunications regulators. The breach impacts KDDI Corporation and its partner ISPs.
Polymarket Suffers $3 Million Crypto Drain via Third-Party Vendor Compromise
Prediction market platform Polymarket disclosed a breach in which hackers compromised a third-party vendor. The attackers injected malicious code into the Polymarket website for some users, leading to the draining of approximately $3 million in pUSD (USDC-backed) from at least 11 user wallets. The stolen funds were subsequently swapped and moved to Ethereum. Polymarket has contained the incident, committed to full refunds for affected users, and is in the process of notifying victims. This incident highlights supply-chain vulnerabilities in web frontends and crypto platforms.
BIGLOBE Inc. Affected by KDDI Corporation Data Breach
BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.
