Miasma supply chain worm compromises 73 Microsoft GitHub repositories via AI-powered code review
English summary
A supply chain worm named Miasma has compromised 73 GitHub repositories across four Microsoft organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. The worm activates when code is opened in AI coding assistants like Cursor or Claude Code, turning the code review process into an immediate risk for developers. This attack enables full system vulnerability even when using official Microsoft source code, making it the most significant supply chain attack of the year.
Chinese summary
名为Miasma的供应链蠕虫已感染微软旗下四个组织(Azure、Azure-Samples、Microsoft和MicrosoftDocs)的73个GitHub仓库。该蠕虫在开发者通过Cursor或Claude Code等AI编程助手打开代码时激活,将代码审查过程转变为即时风险。即使使用微软官方源代码,攻击仍可导致系统完全沦陷,成为今年最严重的供应链攻击。
Key points
Miasma is a self-spreading supply chain worm targeting GitHub repositories.
Miasma是一种自我传播的供应链蠕虫,瞄准GitHub仓库。
73 repositories across four Microsoft organizations (Azure, Azure-Samples, Microsoft, MicrosoftDocs) were compromised.
微软旗下四个组织(Azure、Azure-Samples、Microsoft、MicrosoftDocs)共73个仓库被感染。
The worm activates when code is reviewed using AI tools like Cursor or Claude Code.
蠕虫在使用Cursor或Claude Code等AI工具审查代码时激活。
The attack achieves full vulnerability even from official Microsoft sources.
攻击即使从微软官方来源也能实现完全漏洞利用。
It is described as the most significant supply chain attack of the year.
被描述为年度最重大的供应链攻击。