Skip to content
SecurityDevOps

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled over 70 Microsoft repositories in under two minutes after detecting the Miasma worm spreading through compromised contributor commits. The attack began with a malicious commit to Azure/durabletask that dropped config files triggering remote code execution when developers opened repos in IDEs or AI coding tools. The mass takedown broke CI/CD pipelines worldwide, including Azure/functions-action, and researchers believe unrotated tokens from a prior PyPi attack allowed the worm to re-infect Microsoft's open source ecosystem.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.

Microsoft Launches Logic Apps Automation SaaS with Built-In AI Agents and RAG

infoq / architecture-design 12h ago 8

Microsoft unveils Azure Logic Apps Automation, a managed SaaS for building production-grade AI automations without integration developers, featuring built-in RAG, agent support, and zero infrastructure assembly.