InfoSec Briefing - June 07, 2026

🎧 Audio Briefing

Playback Speed:

Cyber security developments for Sunday the 7th of June 2026 covering articles added to the BlueTeamSec community on infosec.pub. Today we have 3 articles to cover. All attribution is by the article authors. All article analysis is automated.

OpenSourceMalware have written up an incident from the 5th of June where GitHub's automated systems disabled 73 Microsoft repositories in just under two minutes after detecting the Miasma worm — a rebrand of TeamPCP's Mini Shai-Hulud toolkit. The worm compromised the durabletask package ecosystem, harvested Azure credentials, then propagated by creating public repositories with stolen secrets. What's particularly concerning here is that this appears to be a re-compromise, suggesting credentials from the initial May incident were never fully revoked.

A security researcher has disclosed a critical bug in VSCode's web-based editor that allows attackers to steal GitHub OAuth tokens with a single malicious link click. The exploit chains a Jupyter notebook with keyboard event manipulation and a malicious workspace extension to exfiltrate tokens with full repo access. Microsoft have implemented fixes including confirmation steps for opening notebooks and preventing keydown event bubbling in webviews.

And on a more positive note, Thinkst have released Package Proxy, an open-source tool that sits between developers and package repositories like npm and PyPI to enforce supply chain security policies. The tool blocks malicious packages using age-based filtering and integrity checks — and according to Thinkst, it successfully prevented installation of packages from the TanStack, BitWarden, and TeamPCP supply chain compromises we've been tracking over recent weeks.

That concludes today's briefing.

📰 Articles Covered

The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds - OpenSourceMalware

This precis summarizes the recent security incident involving the Miasma worm and its impact on Microsoft’s GitHub infrastructure.

### Incident Overview
On June 5, 2026, GitHub’s automated abuse detection systems disabled 73 repositories across four major Microsoft organizations—`Azure`, `Azure-Samples`, `microsoft`, and `MicrosoftDocs`—within a 105-second window 【1】【1】. The takedown was triggered by the presence of the "Miasma" worm, which had compromised the `durabletask` package ecosystem 【1】【1】.

### Who is Affected
* **Microsoft:** 73 repositories across four primary organizations were taken offline, disrupting critical infrastructure 【1】.
* **Developers/Users:** Organizations and developers relying on affected GitHub Actions (such as `Azure/functions-action`) for continuous integration (CI) pipelines experienced global disruptions 【1】.

### Technical Details
* **The Worm:** Miasma is a rebrand of the "Mini Shai-Hulud" toolkit, which was previously open-sourced by the threat actor TeamPCP 【1】.
* **Credential Harvesting:** Unlike its predecessors, Miasma specifically targets Azure CLI authentication caches and managed-identity tokens 【1】.
* **Propagation Mechanism:** The worm propagates by creating public GitHub repositories (often titled "Miasma: The Spreading Blight") and committing harvested secrets as JSON files into the victim's account 【1】.
* **Execution Signature:** The malware uses `preinstall` scripts that invoke the Bun runtime to execute an obfuscated `_index.js` loader 【1】.

### Security Implications
This incident represents a "re-compromise" of the Durable Task ecosystem, suggesting that the initial credentials stolen in May were never fully revoked 【1】【1】. The ability of the worm to harvest cloud-native credentials poses a significant risk to any environment where these compromised packages were utilized, as attackers can move laterally from CI/CD pipelines into cloud production environments 【1】.

### Recommendations for Defenders
* **Pin Actions:** Stop using mutable tags (e.g., `@v1`) for GitHub Actions. Pin all actions to a full commit SHA to ensure predictable failure if a repository is compromised or removed 【1】.
* **Rotate Credentials:** Immediately rotate all potentially exposed credentials, including Azure CLI tokens, managed-identity credentials, GitHub Actions OIDC tokens, and any npm/PyPI publish tokens 【1】.
* **Hunt for Indicators:** Audit organizational accounts for unexplained public repositories, specifically those labeled "Miasma: The Spreading Blight," and search for JSON-formatted secrets committed to unauthorized locations 【1】.
* **Inspect Hooks:** Check for the presence of `preinstall` scripts that utilize Bun to run obfuscated JavaScript files 【1】.
* **Alternative Deployment:** Until affected actions are restored, utilize secure alternatives such as Azure CLI, Azure DevOps, or Zip Deploy 【1】.
1-Click GitHub Token Stealing via a VSCode Bug - Ammar Askar

The article by Ammar Askar details a critical security vulnerability in the VSCode web-based editor (`github.dev`) that could allow an attacker to exfiltrate a user's GitHub OAuth token through a single malicious link click.

### What Happened
An attacker can exploit a flaw in how VSCode webviews handle keyboard events to simulate user actions. By crafting a repository containing a malicious Jupyter notebook and a local workspace extension, an attacker can trick a user into automatically installing a malicious extension that exfiltrates their GitHub token.

### Who is Affected
Users of `github.dev` are primarily at risk. The vulnerability also exists in the desktop version of VSCode, though it is harder to exploit as it requires convincing a victim to clone a repository and open a specific notebook.

### Security Implications
The stolen GitHub token is not scoped to a single repository; it provides full access to all repositories the user has access to, including private ones. This allows an attacker to read and write to those repositories.

### Technical Details
* **The Vulnerability:** VSCode webviews bubble up `keydown` events to the main VSCode window to ensure keyboard shortcuts work seamlessly. However, there is no mechanism to prevent scripts running in an untrusted webview from emitting these events, effectively allowing the script to "pretend" to be the user.
* **The Exploit:** The attacker uses a Jupyter notebook to execute JavaScript that emits `keydown` events. These events trigger default VSCode shortcuts (e.g., `Ctrl+Shift+A` to accept a notification) to install a malicious local workspace extension. This extension then uses a custom keybinding to bypass publisher trust checks and execute arbitrary code, which is used to steal the GitHub token.

### What Defenders Should Know
* **Mitigation:** Users who have previously authorized `github.dev` are at risk. Clearing cookies and local site data for `github.dev` can reset the authorization state, requiring a new sign-in dialog that provides an opportunity to navigate away if an attack is suspected.
* **Status:** Microsoft has implemented fixes, including adding a confirmation step when opening notebooks in web VSCode and preventing the bubbling of `keydown` events in notebook webviews.
Enhance your Supply Chain Security with our Package Proxy Tool - Thinkst

Thinkst has introduced **Package Proxy**, a new tool designed to mitigate software supply chain attacks by enforcing security policies at the proxy level rather than relying on client-side software 【1】.

### What Happened
Thinkst developed and open-sourced Package Proxy to address the growing threat of malicious packages being injected into public repositories (e.g., npm, PyPI). Instead of requiring developers to configure individual package managers or install security agents, the proxy sits between the developer's environment and the package repository, intercepting requests and enforcing security rules before allowing a package to be downloaded 【1】.

### Who Is Affected
This tool is primarily intended for organizations and developers who rely on public package repositories and wish to reduce their exposure to supply chain compromises. It is particularly useful for teams with heterogeneous environments, as it provides a uniform security layer regardless of the specific package manager (e.g., `pip`, `npm`, `uv`) being used 【1】.

### Security Implications
The proxy provides automated protection against common supply chain attack vectors:
* **Age-Based Filtering:** By enforcing a minimum age for packages (e.g., 10 days), the proxy prevents the installation of "freshly baked" malicious packages that have not yet been identified and removed by repository maintainers 【1】.
* **Integrity Downgrade Prevention:** The proxy can block packages that exhibit suspicious behavior, such as a regression in integrity or changes in upload mechanisms, which are often indicators of a compromised account or build pipeline 【1】.
* **Proven Efficacy:** Thinkst reports that this approach successfully protected them from several high-profile incidents, including the TanStack, BitWarden, and TeamPCP supply chain compromises, as well as various malicious packages targeting common utility libraries 【1】.

### Technical Details
* **Deployment:** The source code is available on [GitHub](https://github.com/thinkst/package-proxy), and it supports 1-click deployment to Cloudflare Workers, making it easy to host and integrate into existing workflows 【1】.
* **Uniformity:** It abstracts away the differences between package managers. While different tools have varying capabilities for enforcing security (e.g., `pip` vs. `uv`), the Package Proxy ensures consistent policy enforcement across the entire organization 【1】.

### What Defenders Should Know
* **Proactive Defense:** Defenders do not need to react immediately to every new supply chain alert. By enforcing a grace period (e.g., 10 days), the proxy provides a buffer that historically allows enough time for malicious packages to be discovered and yanked from repositories 【1】.
* **Zero Client-Side Overhead:** Because the security checks occur at the proxy level, there is no need to deploy or maintain security software on developer machines or CI/CD runners, simplifying operational overhead 【1】.