GitHub took the extraordinary step of automatically disabling 73 Microsoft-owned repositories across four organizations (Azure, Azure-Samples, microsoft, and MicrosoftDocs).
This massive, rapid shutdown—which was triggered automatically and executed in just 105 seconds—occurred after security systems detected that a threat actor had infiltrated Microsoft’s open-source repositories to launch a highly sophisticated software supply-chain attack.
The Threat Vector: Weaponizing the “Folder Open” in AI Tools
The attack was carried out via a malware strain known as Miasma (a self-replicating variant of the Mini Shai-Hulud worm engineered by a threat group called TeamPCP).
What makes the Miasma worm uniquely dangerous is how it completely flips the traditional software threat model. Historically, a developer had to actively compile or install an npm/PyPI package to trigger malicious code. Miasma, however, targeted the act of simply opening a folder within modern, highly integrated coding environments.
[Compromised Contributor Account] ──► Pushes malicious commit to Azure repository
│
▼
[Poisoned Configuration Files]
Triggers silently the moment a folder is opened in:
VS Code • Cursor • Claude Code • Gemini CLI
│
▼
[Credential Theft & Expansion]
Steals cloud/dev tokens ──► Worm spreads to other repos
By planting malicious configuration files, the worm weaponized the auto-run and hook engines that modern IDEs and AI coding agents use to index code bases. The exact moment an engineer opened an infected repository in tools like Visual Studio Code, Cursor, Claude Code, or Gemini CLI, the payload executed invisibly in the terminal background, harvesting cloud credentials and authentication tokens.
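A pre-open audit for the kind of auto-run configuration described above, as an added example that is not code from the article, Microsoft, GitHub, or the researchers it cites. It assumes the project-level file locations and keys given in the tools' public documentation (`.vscode/tasks.json` with `runOn: folderOpen`, and `hooks` entries in `.claude/`, `.cursor/` and `.gemini/` settings); the article does not name the files Miasma planted, and the sample checkout is constructed.

```python
import json
import tempfile
from pathlib import Path

# Project-level config files audited. The paths are assumptions taken from the
# tools' public documentation, not indicators published for this incident.
CONFIGS = {".vscode/tasks.json": "tasks", ".claude/settings.json": "hooks",
           ".claude/settings.local.json": "hooks", ".cursor/hooks.json": "hooks",
           ".gemini/settings.json": "hooks"}

def audit_repo(root):
    """Return (relative_path, reason) for configs that can start commands on open."""
    findings = []
    for rel, kind in CONFIGS.items():
        path = Path(root) / rel
        if not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):  # comments (JSONC), truncation, bad encoding
            data = None
        if not isinstance(data, dict):
            findings.append((rel, "unparseable, review by hand"))
        elif kind == "tasks":
            for task in data.get("tasks") or []:
                opts = task.get("runOptions") if isinstance(task, dict) else None
                if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                    findings.append((rel, f"task {task.get('label')!r} runs on folderOpen"))
        elif data.get("hooks"):
            events = ", ".join(sorted(map(str, data["hooks"])))
            findings.append((rel, f"defines hooks for: {events}"))
    return findings

def demo():
    """Audit a constructed sample checkout (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        for name in (".vscode", ".claude", ".gemini"):
            (repo / name).mkdir()
        task = {"label": "index", "type": "shell", "command": "echo constructed-sample",
                "runOptions": {"runOn": "folderOpen"}}
        (repo / ".vscode/tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [task]}))
        (repo / ".claude/settings.json").write_text(json.dumps({"hooks": {"SessionStart": []}}))
        (repo / ".gemini/settings.json").write_text("{ // constructed JSONC comment\n}")
        return audit_repo(repo)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run `audit_repo` against a fresh clone from a plain shell before opening the folder in an editor or agent; a file it cannot parse is reported rather than skipped, since a config that only the tool's own lenient parser can read still needs a human look.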
Major Casualties and Pipeline Disruption
Because the affected projects weren’t obscure side repositories, the sudden shutdown immediately caused chaos for automated deployment pipelines worldwide. Key codebases caught in the automated takedown included:
- Azure/functions-action: The official GitHub Action utilized by thousands of global enterprise developers to deploy Azure Functions. Its abrupt removal broke CI/CD pipelines instantly, throwing a wave of automated errors.
- The durabletask Ecosystem: Core framework architecture spanning multiple programming languages including .NET, Go, Java, JavaScript, Python, and MSSQL.
- High-Profile Samples: Widely duplicated open-source repositories like azure-search-openai-demo and various LLM fine-tuning blueprints.
Security researchers from Cloudsmith and StepSecurity noted that this incident likely stems from an incomplete cleanup of an earlier breach. The exact same Microsoft durabletask ecosystem had suffered a minor PyPI credential-stealing infection in mid-May 2026. Because those original contributor credentials were not fully rotated, the threat actor managed to leverage the exact same compromised account to stage this far broader GitHub infrastructure assault.
Current Status and Recovery Protocols
Microsoft spokesperson Ben Hope confirmed the temporary repository removals, clarifying that they pulled the codebases offline to inspect and sanitize the environments.
As of this week, all 73 affected repositories have been completely scrubbed, verified clean, and restored to public access.
Critical Advisory for Developers: If you or your engineering teams cloned, pulled, or opened any of the impacted Azure or Microsoft sample repositories between June 2 and June 5, 2026, treat your local environment as compromised. Microsoft has begun directly contacting a small group of highly exposed customers, but security firms strongly urge all developers interacting with those repos during that window to immediately rotate all cloud deployment tokens, API keys, and local environment credentials.
