Hackers injected credential-stealing malware into 73 Microsoft GitHub repos on June 5.
Not to breach Azure infrastructure.
To steal from developers the moment they opened a folder in Claude Code, Cursor, or VS Code.
The Miasma worm planted configuration files that trigger automatic code execution when a developer opens the repository. No package install. No suspicious download. Just opening a folder.
GitHub's automated abuse detection killed all 73 repos across four Microsoft organizations in 105 seconds.
Azure/functions-action — the official GitHub Action for deploying Azure Functions — went offline. Every workflow referencing it broke immediately.
Microsoft's first response? "Internal management issue." Twelve minutes later, they revised it to recommend developers use Azure CLI instead.
The same compromised contributor account from May's PyPI attack was used again.
Either credentials were never rotated, or the attacker re-compromised through the worm's own propagation loop. The durabletask repo was the hub of both incidents.
If your developers use AI coding tools and pulled from any Azure or Microsoft repo between June 1-5: rotate credentials now.
GitHub tokens. npm tokens. AWS keys. Azure service principals. SSH keys. Everything.
AI coding tools aren't just productivity multipliers. They're a new attack surface.
Treat .claude/, .gemini/, .cursor/, and .vscode/ config files as supply chain signals. Pin GitHub Actions to commit SHAs.
The moment your agent opens a poisoned repo, the attack is already complete.
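One way to act on those two checks before a checkout is opened in an editor or agent. This is an added example, not code from the post or from any vendor. The sample repository, its placeholder file contents and the all-"a" commit SHA are constructed, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Directories named in the post; anything under them is surfaced for human review.
TOOL_CONFIG_DIRS = {".claude", ".gemini", ".cursor", ".vscode"}
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
SHA_PIN_RE = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA, not a tag or branch

def find_tool_configs(repo: Path) -> list[str]:
    """Return every file that sits under a tool config directory, relative to repo."""
    return sorted(
        p.relative_to(repo).as_posix() for p in repo.rglob("*")
        if p.is_file() and TOOL_CONFIG_DIRS & set(p.relative_to(repo).parts[:-1])
    )

def find_unpinned_actions(repo: Path) -> list[tuple[str, int, str]]:
    """Return (workflow file, line number, reference) for each `uses:` not pinned to a SHA."""
    findings = []
    wf_dir = repo / ".github" / "workflows"
    for wf in sorted(wf_dir.glob("*.y*ml")) if wf_dir.is_dir() else []:
        for n, line in enumerate(wf.read_text(errors="replace").splitlines(), 1):
            m = USES_RE.match(line)
            # Local actions (./path) and docker:// images have no commit ref to pin.
            if m and not m.group(1).startswith(("./", "docker://")) \
                    and not SHA_PIN_RE.search(m.group(1)):
                findings.append((wf.relative_to(repo).as_posix(), n, m.group(1)))
    return findings

def make_sample_repo(root: Path) -> Path:
    """Constructed sample checkout; file bodies are empty placeholders."""
    files = {
        ".vscode/tasks.json": "{}",
        ".claude/settings.json": "{}",
        "src/app.py": "print('hi')\n",
        ".github/workflows/deploy.yml":
            "jobs:\n  deploy:\n    steps:\n"
            "      - uses: actions/checkout@" + "a" * 40 + "  # pinned\n"
            "      - uses: Azure/functions-action@v1\n",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        repo = make_sample_repo(Path(tmp))
        print(find_tool_configs(repo), find_unpinned_actions(repo), sep="\n")
```

Run it against a fresh clone from a terminal, and diff the first list against the previous commit in code review so a new or changed tool config file never lands unnoticed.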
Enterprise AI Impact
73 Microsoft GitHub repos went dark in 105 seconds. Hackers weaponized AI coding tools to steal credentials.