Config Files That Run Code: Supply Chain Security Blindspot
5 hours ago
- #GitHub attacks
- #AI coding agents
- #cybersecurity
- A variant of the Miasma worm injects a 4.3 MB dropper into GitHub repositories belonging to multiple maintainers.
- The worm is designed to automatically execute through configuration files used by Claude Code, Gemini, Cursor, and VS Code AI coding agents.
- The attack targets AI coding agents and is specifically distributed via GitHub repositories; it is not spread through npm packages.