73 Repositories of Microsoft's GitHub Attacked by Miasma Worm
2026-06-15 14:57

en.Wedoany.com Reported - Last week, the cybersecurity field witnessed multiple widespread attacks. Issues such as poisoned software packages, exploited AI assistants, and code repository worms emerged, but the root cause remains the continued effectiveness of old attack techniques. A chatbot was easily deceived, malware leaked a bot token, and attackers lurked in inboxes for months to steal information.

The Miasma worm attacked 73 repositories under Microsoft's GitHub organization, involving organizations such as Azure, Azure-Samples, Microsoft, and MicrosoftDocs. This incident prompted GitHub to disable access to the affected repositories. Miasma is assessed as a variant of the Mini Shai-Hulud worm released by TeamPCP in mid-May 2026, constituting a self-replicating supply chain attack.

Google released patches for June 2026, fixing 124 security vulnerabilities affecting the Android operating system, including a high-risk vulnerability in a framework component, CVE-2025-48595 (CVSS score 8.4), which has been actively exploited. This vulnerability allows privilege escalation without user interaction, affecting Android versions 14, 15, 16, and 16 QPR2. Google acknowledged that the vulnerability may be subject to limited targeted exploitation.

The U.S. Department of Justice announced the results of "Operation Disruption Week," targeting cyber-enabled and cryptocurrency fraud against Americans. The operation removed millions of social media, email, and internet access accounts used by transnational cybercrime groups in Southeast Asia for scams. Private enterprises voluntarily froze over $3.8 million in cryptocurrency linked to money laundering. This operation is part of the U.S. "Fraud Center Strike Force" initiative, aimed at dismantling fraud, human trafficking, and money laundering networks operated by transnational criminal organizations in Southeast Asia.

An emerging Chinese-language cybercriminal group, TA4922, has expanded its activities from East Asia to Europe and Africa, updating the malware used for network intrusions. The group is economically motivated, gaining remote access for data theft, fraud, and resale of access rights. Its tactics partially overlap with Silver Fox and Void Arachne, utilizing malware distribution, credential phishing, and credit card theft in different campaigns. Lures impersonate tax authorities, finance departments, and HR teams from Japan, Taiwan, South Korea, Singapore, India, the UK, Germany, Italy, and South Africa, distributing Atlas RAT, RomulusLoader, and SilentRunLoader via DLL side-loading techniques.

A previously unreported threat cluster, OP-512, has been observed targeting Microsoft IIS servers to deploy a custom web shell framework. This espionage-focused operation is assessed to originate from China. ReliaQuest stated that OP-512 may be conducting espionage through compromised IIS web servers, with target sectors and geographic locations aligning with Chinese intelligence priorities. The web shell framework supports file management and authenticated command execution.

An unknown threat actor successfully monitored the Outlook mailbox of a senior member of an unnamed global stock exchange for at least five months. The attacker deployed an email stealer to collect email data every 2-4 weeks, exfiltrating information in small batches via Dropbox and Microsoft OneDrive Personal to avoid detection. The earliest signs of malicious activity were observed on October 10, 2025, with data exfiltration operations continuing until March 2026.

Key vulnerabilities this week involve multiple products and platforms, including SolarWinds Serv-U, FFmpeg, Cisco Catalyst SD-WAN Manager, Cisco Unified Communications Manager, Everest Forms Pro plugin, Google Android, PCTCore64.sys, Verizon IMS network, Appsmith, Collibra Agent, HP Poly Voice, Themeum Kirki plugin, Redis, Acer Wave 7 router, Securly, Google Chrome, Broadcom VMware Cloud Foundation Operations, UniFi OS Server, Hugging Face, Microsoft Edge, Apache ActiveMQ, Ivanti ITSM, laravel/framework, KMW CCTV cameras, TP-Link Archer BE450 and BE7200, StrongDM, IBM WebSphere, and MCP Toolbox.

The Five Eyes alliance released an advisory claiming that China's military intelligence departments are using professional social networking sites like LinkedIn, Indeed, and Upwork to recruit individuals with access to government, military, foreign policy, or sensitive economic information. The report stated the goal is to obtain privileged military, political, and economic intelligence. Targeted individuals are offered payment in exchange for information, with payments potentially made through platforms such as PayPal, Zelle, Wise, Western Union, and cryptocurrency.

Meta revealed that a recent attack abusing AI support tools may have affected 20,225 Instagram accounts. Attackers instructed the Meta chatbot to link the attacker's own email address to the target account to reset passwords and gain control, with many high-profile accounts subsequently sold on the dark web. The exploitation was discovered on May 31, 2026. A vulnerability was also disclosed in Instagram's web-based password reset process that exposed users' unredacted email addresses and phone numbers.

Sophos discovered that an XMRig cryptocurrency miner binary was bundled with a signed version of the Hola browser installer for Windows. Hola attributed the anomaly to a supply chain compromise affecting its update distribution pipeline. Malicious npm packages targeted AI companies, luxury brands, and venture capital firms to deploy malware, releasing malware variants disguised as AI coding tools. Two malicious npm packages, turbo-axios and faster-axios, targeted developers of the popular axios HTTP client, spreading the Epsilon Stealer information stealer via post-install hooks. The malicious npm package cms-store-ren collected data from developer machines and sent it to a Telegram channel, while also leaking its own bot API token.

French and Spanish authorities, supported by Europol, dismantled a fake document production facility in Alicante, Spain, seizing approximately 800 forged European documents and related equipment. The facility sold fake IDs to migrant smuggling rings operating in Europe. A former IBM cybersecurity executive accused the company of covering up intrusions three times over the past decade after attacks by foreign government hackers. A new variant of the Gafgyt botnet, C0XMO, targeted DD-WRT router firmware by exploiting a stack buffer overflow vulnerability, with activity detected in March 2026. The malicious PyPI package Parsimonius deployed a Telegram-based backdoor, accumulating 2,474 downloads before being removed.

Analysis of the Windows version of the VECT ransomware revealed additional vulnerabilities that could cause files to be renamed, partially encrypted, or damaged in ways irreversible by the attacker's decryptor. Recorded Future revealed that Iran's Ministry of Intelligence may expand the use of the Handala persona to include external physical and influence operations targeting U.S. and Israeli interests. A new Android banking trojan, OverlayPhantom, targeted over 180 apps across 10 countries via malicious URLs, stealing credentials through fake overlays and real-time screen sharing. Threat actors used fake copyright infringement notice emails targeting Chrome extension developers to steal Google usernames and passwords.

Trail of Bits stated it could bypass ClawHub, Cisco's malicious skill scanner, push malicious skills to the public skill marketplace, and steal data from developer systems. Phishing emails themed around payment orders were used to distribute Remcos RAT. A new cybercrime brand, Pink, utilized voice phishing for initial access, primarily targeting data theft and extortion. CAI is an open-source framework for building AI agents, supporting over 300 AI models and including built-in tools for reconnaissance, exploitation, privilege escalation, and security assessment. PMG is a free, open-source tool that blocks malicious open-source packages before installation, using SafeDep threat intelligence to check packages.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com