A major cybersecurity attack has compromised dozens of software repositories and packages used by millions of developers worldwide. Security researchers discovered that the Miasma worm successfully infected at least 73 Microsoft GitHub repositories in what experts are calling a serious supply chain attack.
The Miasma worm also targeted npm, a popular package manager that developers use to add code to their projects. The attack created a new variant of the worm that specifically targeted npm packages. This same attack vector also featured IronWorm, another malicious program designed to steal sensitive information from developers.
The compromised packages included Red Hat npm packages, meaning developers who downloaded these packages unknowingly installed malware on their systems. The Miasma worm was designed to steal credentials—essentially the digital keys that give developers access to their accounts and projects.
Researchers also discovered that OpenAI's authentication tokens were stolen during a related npm supply chain attack involving the codexui-android package. Authentication tokens are like digital passes that prove a user's identity and allow them to access services without entering passwords every time.
Microsoft identified another serious vulnerability in its GitHub platform that could have allowed attackers to steal OAuth tokens with just one click. OAuth tokens are security credentials that allow users to log into different services safely. Although Microsoft quickly fixed this vulnerability, the discovery highlighted how easily attackers could have gained unauthorized access to developer accounts.
Supply chain attacks are particularly dangerous because they target the tools and infrastructure that developers use to create software. When attackers compromise these systems, they can potentially affect millions of users who download the infected code. This type of attack spreads the malware broadly before anyone notices the problem.
The attacks suggest that hackers are increasingly focusing on software development platforms as targets. By compromising repositories and packages, attackers can reach large numbers of developers and organizations with a single coordinated campaign. Security experts recommend that developers check their repositories for suspicious activity, update their packages immediately, and review their authentication logs for unauthorized access.
These incidents underscore the importance of securing development tools and maintaining careful oversight of the software supply chain. Many organizations are now implementing additional security measures to protect their coding environments and verify that the packages they download are legitimate and safe.