Malicious commit incidents
8 confirmed incidents involving the malicious-commit technique.
- containedcritical
Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents
On June 5, 2026, the Miasma worm campaign compromised Microsoft's Azure GitHub organizations by pushing a malicious commit to the Azure/durabletask repository using a compromised contributor account. GitHub disabled 73 repositories across four Microsoft organizations after configuration files were planted to harvest credentials when developers opened repositories in AI coding agents like Claude Code, Gemini CLI, Cursor, or VS Code.
MiasmaAI agents & skillsMalicious commitAccount takeover - activecritical
Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp
A self-replicating worm named Miasma is spreading across the npm registry by injecting malicious code into binding.gyp files, which execute during npm install without requiring package.json script modifications. The attack has already compromised dozens of packages across multiple maintainer accounts and evades conventional security detection.
MiasmanpmCompromised packageMalicious commit - containedcritical
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets
On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote git tags across multiple Composer packages to distribute malicious payloads that exfiltrate CI secrets. The attack affected laravel-lang/http-statuses, laravel-lang/actions, and laravel-lang/attributes, targeting developers who ran composer update or fresh installations.
OtherAccount takeoverMalicious commit - activehigh
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware
A supply chain campaign dubbed "Mini Shai Hulud" targeted SAP npm packages with malicious versions containing credential-stealing malware. The campaign follows patterns similar to previous Shai-Hulud attacks.
Mini Shai HuludShai-HuludnpmCompromised packageMalicious commit - activehigh
Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign
A coordinated supply chain campaign dubbed "prt-scan" involved a single attacker controlling six GitHub accounts to exploit the pull_request_target GitHub Actions trigger. The campaign represents a follow-up to the earlier hackerbot-claw campaign, targeting CI/CD workflows with AI-powered attack methods.
prt-scanOtherMalicious commitAccount takeover - activehigh
Axios NPM Distribution Compromised in Supply Chain Attack
A compromised axios maintainer account led to malicious npm releases affecting projects with active dependencies on the package. The incident involved unauthorized releases propagated through the npm distribution network.
UNC1069npmAccount takeoverMalicious commit - containedcritical
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
On March 19, 2026, threat actors attributed to "TeamPCP" injected credential-stealing malware into Aqua Security's Trivy scanner and related GitHub Actions. The compromise affected the supply chain of a widely-used container security tool, potentially exposing credentials and secrets in CI/CD environments.
TeamPCPContainer registryOtherCompromised packageMalicious commit - containedcritical
xygeni-action Compromised: C2 Reverse Shell Backdoor Injected via Tag Poisoning
The official Xygeni GitHub Action (xygeni-action) was compromised on March 3, 2026, via stolen maintainer credentials. An attacker injected a C2 reverse shell backdoor and moved the mutable v5 tag to the malicious commit, silently affecting all workflows referencing @v5. The v5 tag remained poisoned as of March 9, 2026.
OtherAccount takeoverMalicious commit