github security
About this tag
The GitHub security tag covers incidents and features related to the security of GitHub-hosted repositories, particularly those owned by Microsoft and Azure. Recent content focuses on the Miasma malware campaign, where attackers compromised contributor accounts to plant credential-stealing payloads in Microsoft-owned repos, targeting AI coding tools and developer workstations. This campaign highlights the evolving attack surface where source control, AI agents, and cloud credentials converge. Other topics include GitHub's secret scanning enhancements for detecting active secrets like Azure tokens, and vulnerabilities in developer tools such as Gitk (CVE-2025-27614). The tag emphasizes supply-chain risks, credential theft, and the security implications of AI-assisted development workflows.
On June 5, 2026, GitHub disabled 73 Microsoft-owned repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs after researchers found Miasma malware planted in projects that could steal developer credentials when opened in AI-assisted coding tools and modern IDEs. The breach was not...
GitHub disabled 73 Microsoft-owned repositories on June 5, 2026, after the Miasma worm reportedly reached Azure’s durabletask project through a compromised contributor account and planted credential-stealing payloads designed to run inside developer tools and AI coding agents. The incident...
Microsoft and GitHub have temporarily disabled at least 70 Microsoft-linked open-source repositories after researchers reported that attackers planted credential-stealing malware in projects tied to Azure, Durable Task, Azure Functions, and AI developer workflows, with the latest public...
Microsoft temporarily disabled more than 70 GitHub repositories in early June 2026 after researchers tied malicious commits to the Miasma self-replicating supply-chain campaign, then began restoring reviewed projects while continuing to investigate affected Azure, Azure-Samples, Microsoft, and...
On June 5, 2026, GitHub disabled 73 Microsoft-related repositories across Azure, Microsoft, and Azure Samples organizations after the Miasma worm campaign allegedly used a compromised contributor account to plant credential-stealing payloads aimed at AI coding tools. The incident is not merely...
On June 5, 2026, GitHub disabled 73 repositories across Microsoft’s Azure, Microsoft, Azure-Samples, and MicrosoftDocs organizations after a malicious commit was pushed to Azure/durabletask through a reportedly compromised contributor account. The immediate blast radius was not Windows Update or...
GitHub’s secret scanning now includes built‑in validators for MongoDB, Meta (Facebook), and multiple Microsoft Azure token types, expanding the service’s ability to tell you not just that a secret was leaked but whether that secret is still usable — a capability that meaningfully changes how...
Gitk, a popular graphical repository browser bundled with Git, has long served developers as an intuitive and powerful way to inspect version history, review changes, and visualize branching workflows. However, in recent months, a significant vulnerability—CVE-2025-27614—has been disclosed...
Here’s a summary of how HSL Helsinki Region Transport improved its code security and services using GitHub Advanced Security for Azure DevOps, according to the Microsoft customer story:
Background:
HSL runs regional transport in the Helsinki area, responsible for about 60% of Finland's public...
azure devops
cloud security
code security
collaboration
cyberattack prevention
cybersecurity
devsecops
digital transformation
finland public transport
github security
hsl helsinki
microsoft security
pci dss
secure by design
secure development
security champions
security compliance
security visibility
software security
workplace culture
A recent report by CTech has sent shockwaves through the development community: an alarming vulnerability in Microsoft Copilot appears to have exposed thousands of private GitHub repositories. This revelation has major implications for developers, enterprises, and anyone relying on the secure...
ai integration
ai security
ai tools
ai vulnerabilities
best practices
cybersecurity
data exposed
data security
development risks
github
github security
microsoft copilot
privacy
security
security risks
sql injection
vulnerability
zombie repositories