Miasma worm hits 73 Microsoft GitHub repositories, injects persistence into Claude Code and VS Code  ·  IronWorm infects 36 npm packages  ·  Everest Forms Pro CVSS 9.8 RCE actively exploited  ·  CYBERSIP.NET  ·  ISSUE 55
CYBERSIPTM
Daily Cyber Brief  ·  Intelligence Without the Noise
Issue No. 55June 6, 2026cybersip.net
Issue No. 55  ·  June 6, 2026  ·  3 active items  ·  Under 5 min read
Today’s picture
The Miasma supply chain worm reached Microsoft’s GitHub repositories on June 5, forcing GitHub to disable 73 repositories across four Microsoft organisations including Azure, Azure-Samples, Microsoft, and MicrosoftDocs. The worm entered via a compromised contributor account and used a new evasion technique researchers have named Phantom Gyp, which hides execution in a binding.gyp file that most security tools do not monitor. Separately, a new npm supply chain attack called IronWorm infected 36 packages with infostealer malware on June 4. And Everest Forms Pro, a WordPress plugin, is under active exploitation via CVE-2026-3300, a CVSS 9.8 remote code execution flaw that gives attackers complete control of affected sites.
Threat snapshot
3 active items · 2 monitoring
Miasma worm / 73 Microsoft repos disabled IronWorm / 36 npm packages Everest Forms Pro CVSS 9.8 / active RCE 3 items this issue
June 5Miasma WormSupply Chain
Miasma worm hits 73 Microsoft GitHub repositories. New Phantom Gyp evasion bypasses install-script monitoring. Persistence injected into Claude Code and VS Code on developer machines.
GitHub disabled the affected repositories after a malicious commit reached Azure/durabletask via a compromised contributor account. The worm steals cloud credentials, GitHub tokens, CI/CD secrets, and propagates itself by republishing to other packages the compromised identity can write. The same wound that opened in May via the Nx Console campaign reopened here.
June 4npmIronWorm
IronWorm infects 36 npm packages with infostealer malware. Second distinct npm supply chain campaign in the same week as Miasma.
BleepingComputer confirmed June 4. IronWorm is a separate campaign from Miasma, targeting different packages. Any project that ran npm install this week should be audited for exposure to both campaigns. Check installed package versions against known compromised lists.
June 5WordPressActive RCE
Everest Forms Pro CVE-2026-3300 CVSS 9.8 actively exploited. Remote code execution on any site running a vulnerable version. Complete site compromise confirmed.
Affects all versions up to and including 1.9.12. Roughly 4,000 active installations. The flaw allows arbitrary code execution through a crafted file upload. This is the fifth distinct WordPress or CMS plugin exploitation campaign in the past week.
Detailed intelligence
Full analysis
01 Miasma Supply Chain Worm
Miasma worm reaches Microsoft’s GitHub repositories. 73 repos disabled. Phantom Gyp bypass evades install-script monitoring. Developer tools used as persistence vectors.
Miasma · TeamPCP · June 5
The worm entered Microsoft’s Azure/durabletask repository on June 5 via a compromised contributor account, then spread across 73 repositories in four Microsoft GitHub organisations before GitHub disabled them. A new evasion technique uses a 157-byte binding.gyp file to execute malicious code during npm install, bypassing the preinstall and postinstall hooks that most security tools watch.
Executive Impact
Any developer who ran npm install against an affected package during the compromise window should treat all secrets reachable from that machine as exposed. This includes GitHub tokens, AWS credentials, Azure identities, GCP credentials, Kubernetes configs, npm tokens, and any CI/CD secrets. Rotate all of them. Check whether Claude Code or VS Code received unexpected configuration changes, as the worm specifically injects persistence into both tools.
Don’t Miss
Security researcher Paul McCarty noted that Azure/durabletask was the repository at the root of last month’s Nx Console supply chain compromise. The same credential that was compromised in May was still valid in June, which is what allowed this wave. A credential rotation after the May incident would have closed the door. That did not happen, and the same wound reopened a month later across a much wider blast radius. The lesson is not that the Miasma worm is unstoppable. It is that credential rotation after a known supply chain compromise is not optional housekeeping. It is the action that prevents the next wave.
CyberSip Take
Miasma started with Red Hat npm packages on June 1. It spread to vapi-ai on June 3. It reached Microsoft on June 5. The worm propagates using stolen npm tokens to republish itself to other packages the compromised identity can write. Every credential rotation that did not happen after the Nx Console campaign in May is a door that stayed open for this one. Rotate developer credentials now if you have not since the May supply chain wave.
What happened

The Miasma worm, attributed to the TeamPCP cluster and first identified on June 1 targeting Red Hat’s @redhat-cloud-services npm namespace, reached Microsoft’s GitHub organisations on June 5. A malicious commit was pushed to Azure/durabletask using a previously compromised contributor account, and GitHub disabled 73 repositories across the Azure, Azure-Samples, Microsoft, and MicrosoftDocs organisations as a result.

The latest Miasma variant uses a new evasion technique that researchers at StepSecurity have named Phantom Gyp. Instead of placing malicious code in the preinstall or postinstall npm lifecycle hooks that security tools typically monitor, the attacker abuses a 157-byte binding.gyp file to trigger code execution during npm install. Most install-script security checks do not monitor binding.gyp files, allowing the payload to execute without triggering alerts. The payload is a multi-cloud credential harvester that scans for AWS, Azure, GCP, Vault, Kubernetes, npm, and GitHub secrets, exfiltrates them to attacker-created public GitHub repositories as encrypted JSON files, and then uses stolen npm OIDC tokens to republish itself to other packages the compromised identity can write.

The worm also establishes persistence on developer machines by injecting a SessionStart hook into Claude Code installations and a tasks.json entry with a folderOpen trigger into Visual Studio Code project configurations. Both techniques ensure the worm re-executes each time the developer opens a project in either tool. The root compromise behind the Microsoft wave appears to be the same credential that was involved in the Nx Console supply chain attack last month, which was not fully rotated after that incident.

Recommended actions
Derived from The Hacker News, StepSecurity, upwind.io, and safedep.io reporting on Miasma, June 1–6, 2026.
02 npm IronWorm
IronWorm infects 36 npm packages with infostealer malware. A second distinct npm supply chain campaign running simultaneously with Miasma.
IronWorm · npm · June 4
BleepingComputer confirmed on June 4 that a new supply chain attack named IronWorm infected 36 packages on the npm registry with credential-stealing malware. The campaign is distinct from Miasma and targets a different set of packages.
Executive Impact
Two simultaneous npm supply chain campaigns mean the scope of potential exposure from this week’s npm installs is broader than either campaign alone. Any JavaScript project that ran npm install this week should be audited against the IOC lists for both IronWorm and Miasma. The credential theft risk is the same as Miasma: tokens and keys reachable from the developer’s machine at install time.
Don’t Miss
Two separate supply chain campaigns hitting the npm registry in the same week, one of which then escalated to compromise GitHub repositories at Microsoft, marks a qualitative shift in npm supply chain attack frequency. The TanStack and Nx Console compromises in May, the IronWorm and Miasma campaigns this week, and the CISA KEV triple from Issue 46 all point to the npm ecosystem as the primary active supply chain attack surface right now. Treating npm packages as a trusted dependency source without continuous monitoring of installed versions against known IOC feeds is no longer a viable posture for teams shipping production software.
CyberSip Take
IronWorm and Miasma are running at the same time. Checking your packages against one IOC list and not the other leaves half the exposure unaddressed. Run both. Lock your npm dependency versions in CI pipelines and pin to specific known-good hashes where possible. The window between a compromised package being published and being discovered is short, but short is not zero.
What happened

BleepingComputer reported on June 4 that a new supply chain attack named IronWorm infected 36 packages on the npm registry with infostealer malware. The campaign uses a different attack vector and targets a different set of packages than the Miasma campaign that began June 1, making them two concurrent but independent supply chain threats on the same registry.

IronWorm installs credential-stealing malware at install time, harvesting tokens and secrets from developer machines and CI/CD environments. The specific packages affected and the full technical details of IronWorm’s infection mechanism were still being documented at time of reporting. Security teams should check their package lists against the IronWorm indicators published by BleepingComputer alongside the Miasma IOC lists.

Recommended actions
Derived from BleepingComputer reporting on IronWorm, June 4, 2026.
03 WordPress Active RCE CVSS 9.8
Everest Forms Pro CVE-2026-3300 CVSS 9.8 actively exploited. Arbitrary code execution via crafted file upload. Complete site compromise confirmed in the wild.
CVE-2026-3300 · CVSS 9.8
Threat actors are exploiting a remote code execution flaw in Everest Forms Pro, affecting all versions up to and including 1.9.12, to execute arbitrary code on affected WordPress installations and achieve full site compromise.
Executive Impact
Remote code execution on a WordPress server means the attacker controls the application, the database, and any credentials or keys accessible from the web server process. Update Everest Forms Pro immediately and audit affected sites for indicators of compromise: unexpected files in the uploads directory, unusual database entries, and any recently created user accounts.
Don’t Miss
This is the fifth distinct WordPress or CMS plugin exploitation campaign in seven days: WP Maps Pro on June 1, Kirki and Ghost CMS on June 2, Burst Statistics alongside Kirki on June 3, and Everest Forms Pro today. The concentration suggests that WordPress plugin attack campaigns are being run in coordinated waves rather than opportunistically. When one campaign finds success at scale, others follow within hours targeting adjacent plugin categories. Organisations managing multiple WordPress sites should treat the entire plugin surface as under active scanning right now, not just the plugins named in individual advisories.
CyberSip Take
Five WordPress campaigns in a week. The patch and audit sequence is the same every time: update the plugin, check the uploads directory for unexpected files, review recently created user accounts, and look at server-side access logs for the exploit pattern. Having that procedure automated or scripted across managed sites is the difference between responding to one campaign at a time and staying ahead of the wave.
What happened

The Hacker News and WIU Cybersecurity Center reported on June 5 that threat actors are actively exploiting CVE-2026-3300, a CVSS 9.8 remote code execution vulnerability in Everest Forms Pro, a WordPress form builder plugin with approximately 4,000 active installations. The flaw affects all versions up to and including 1.9.12 and allows attackers to execute arbitrary code by uploading a crafted file to an affected site, resulting in complete site compromise.

Everest Forms Pro is a premium WordPress plugin used to build contact forms, payment forms, and multi-step forms. The file upload validation failure that enables CVE-2026-3300 is the same class of vulnerability as several prior WordPress plugin RCEs this month, suggesting the attack wave is methodically targeting form and upload handling components across the plugin ecosystem. A patched version is available from the plugin developer.

Recommended actions
Derived from The Hacker News and WIU Cybersecurity Center reporting on CVE-2026-3300, June 5, 2026.
Still watching
Aging items · days 2–6
Items here remain operationally relevant but have no significant new developments. They drop off after 7 days.
CISA KEV supply chain triple (Issue 46). DAEMON Tools, TanStack, Nx Console. June 10 deadline — 4 days away. Update software, SCA for TanStack transitive dependencies, rotate developer credentials. Day 7
Cisco Unified CM CVE-2026-20230 (Issue 54). SSRF to root, PoC public. Disable WebDialer if enabled, patch to 14SU6 or 15SU5. Cisco has not yet confirmed active exploitation. Day 2
Cross-source standouts
01
The Miasma worm is teaching us what incomplete incident response looks like at scale
The Nx Console supply chain attack breached GitHub, OpenAI, Mistral, and Grafana in May. Credentials from that attack were not fully rotated. The same credentials opened the door for Miasma at Azure/durabletask in June, disabling 73 Microsoft repositories. Security researcher Paul McCarty described it directly: when the repository at the root of last month’s compromise is the hub of this month’s takedown, that is not a coincidence. That is the same wound reopening. Incident response is not complete when the affected software is patched. It is complete when all credentials that could have been exposed are rotated and confirmed revoked.
02
The npm ecosystem is under simultaneous attack from multiple independent campaigns
Miasma started June 1 with Red Hat packages and reached Microsoft on June 5. IronWorm hit 36 separate packages on June 4. TanStack was compromised via trusted publishing in May and reached CISA KEV in Issue 46. The Nx Console attack in May used a VS Code extension as an entry point to npm package trust. Four separate supply chain campaigns targeting the npm ecosystem inside thirty days, each using a different technique, each run by a different actor. The appropriate response is not to treat each one as an isolated event. It is to treat npm package installation as an activity that requires continuous monitoring of installed versions against known compromised lists, not a one-time check at the point of installation.
Our methodology
  • Federal cybersecurity advisories
  • Law enforcement threat bulletins
  • National vulnerability databases
  • Major vendor security advisories
  • Cross-referenced for relevance and corroboration
About CyberSip
A cyber brief for leaders and practitioners who need signal, not noise. Intelligence without the noise, published on cybersip.net.

CyberSip aggregates cybersecurity information from publicly available sources for informational purposes only. CyberSip does not provide legal, technical, incident response, or compliance advice, and makes no guarantee regarding completeness, accuracy, or timeliness. Organizations should validate all findings within their own environments and consult qualified professionals as appropriate. Original advisories, remediation guidance, and technical details remain with the referenced source organizations. Items remain active for no more than 7 days from publication unless materially updated.