The Miasma worm, attributed to the TeamPCP cluster and first identified on June 1 targeting Red Hat’s @redhat-cloud-services npm namespace, reached Microsoft’s GitHub organisations on June 5. A malicious commit was pushed to Azure/durabletask using a previously compromised contributor account, and GitHub disabled 73 repositories across the Azure, Azure-Samples, Microsoft, and MicrosoftDocs organisations as a result.
The latest Miasma variant uses a new evasion technique that researchers at StepSecurity have named Phantom Gyp. Instead of placing malicious code in the preinstall or postinstall npm lifecycle hooks that security tools typically monitor, the attacker abuses a 157-byte binding.gyp file to trigger code execution during npm install. Most install-script security checks do not monitor binding.gyp files, allowing the payload to execute without triggering alerts. The payload is a multi-cloud credential harvester that scans for AWS, Azure, GCP, Vault, Kubernetes, npm, and GitHub secrets, exfiltrates them to attacker-created public GitHub repositories as encrypted JSON files, and then uses stolen npm OIDC tokens to republish itself to other packages the compromised identity can write.
The worm also establishes persistence on developer machines by injecting a SessionStart hook into Claude Code installations and a tasks.json entry with a folderOpen trigger into Visual Studio Code project configurations. Both techniques ensure the worm re-executes each time the developer opens a project in either tool. The root compromise behind the Microsoft wave appears to be the same credential that was involved in the Nx Console supply chain attack last month, which was not fully rotated after that incident.
- If your team ran npm install against any @redhat-cloud-services, @vapi-ai, or Azure durabletask packages this week, rotate all developer credentials immediately: GitHub tokens, cloud provider keys, npm tokens, Kubernetes configs, and CI/CD secrets.
- Audit Claude Code session configuration files and VS Code tasks.json files on developer machines for unexpected entries, particularly any SessionStart hooks or folderOpen tasks that were not added by your team.
- Check your installed npm packages against the StepSecurity and StepSecurity Miasma IOC databases for compromised package versions. Do not rely solely on checking current package versions, as lock files may reference compromised historical versions.
- Enable or audit your npm install security tooling to monitor binding.gyp file execution, not only preinstall and postinstall hooks. The Phantom Gyp technique will bypass tools that only watch lifecycle scripts.
BleepingComputer reported on June 4 that a new supply chain attack named IronWorm infected 36 packages on the npm registry with infostealer malware. The campaign uses a different attack vector and targets a different set of packages than the Miasma campaign that began June 1, making them two concurrent but independent supply chain threats on the same registry.
IronWorm installs credential-stealing malware at install time, harvesting tokens and secrets from developer machines and CI/CD environments. The specific packages affected and the full technical details of IronWorm’s infection mechanism were still being documented at time of reporting. Security teams should check their package lists against the IronWorm indicators published by BleepingComputer alongside the Miasma IOC lists.
- Check installed npm packages against IronWorm’s published list of compromised packages from BleepingComputer’s June 4 report, alongside the Miasma IOC list from StepSecurity.
- Rotate credentials on any developer machine or CI/CD runner that installed affected packages. The credential theft risk is identical to Miasma: anything accessible at install time on the affected machine.
The Hacker News and WIU Cybersecurity Center reported on June 5 that threat actors are actively exploiting CVE-2026-3300, a CVSS 9.8 remote code execution vulnerability in Everest Forms Pro, a WordPress form builder plugin with approximately 4,000 active installations. The flaw affects all versions up to and including 1.9.12 and allows attackers to execute arbitrary code by uploading a crafted file to an affected site, resulting in complete site compromise.
Everest Forms Pro is a premium WordPress plugin used to build contact forms, payment forms, and multi-step forms. The file upload validation failure that enables CVE-2026-3300 is the same class of vulnerability as several prior WordPress plugin RCEs this month, suggesting the attack wave is methodically targeting form and upload handling components across the plugin ecosystem. A patched version is available from the plugin developer.
- Update Everest Forms Pro to the patched version immediately across all managed WordPress installations.
- Audit the WordPress uploads directory and any directories accessible from the web server for unexpected PHP files, web shells, or recently uploaded executables that may indicate prior exploitation.
- Review WordPress access logs for POST requests to Everest Forms Pro upload endpoints and check for unexpected user accounts with elevated privileges created recently on affected sites.