Microsoft Disables 73 GitHub Repositories After Malware Compromise via Reused Credentials
Microsoft disabled 73 repositories across multiple GitHub organizations after threat actors used stolen GitHub Actions secrets to inject the Miasma worm into the codebase. The same credentials had been used in a previous attack in May 2026 that Microsoft failed to rotate, allowing the threat actor to gain access again. The incident affected multiple organizations including Azure and Azure-Samples, potentially impacting tens of thousands of customers who may have pulled malicious content.
GitHub disabled 73 Microsoft repositories after a threat actor exploited unrotated GitHub Actions secrets to compromise multiple organizations including Azure, Azure-Samples, microsoft, and MicrosoftDocs. The attacker, likely affiliated with TeamPCP, used credentials stolen during a previous incident in May 2026 to plant the Miasma worm across the repositories. The Azure organization was most heavily impacted, losing 49 repositories including critical Functions team resources. Microsoft confirmed the incident and stated it notified affected customers, though the company could not specify how many were impacted. Some repositories have been restored after review while others remain offline pending investigation. The incident demonstrates significant operational risk, as malicious code in these libraries could have affected downstream pipelines and workflows that depend on them.
What's missing
The articles do not clarify the timeline between the May 2026 incident and the current compromise, or provide details about how the initial credentials were stolen. Additionally, there is limited information about the specific functionality of the Miasma worm or what data it may have exfiltrated beyond being classified as an infostealer.
How coverage differed
TechRadar's coverage is factual and technical, focusing on the security mechanics and impact. The source emphasizes Microsoft's failure to rotate credentials as a critical security lapse, presenting this as a preventable incident rather than framing it as an external attack beyond Microsoft's control.
What different sources said
- TechRadarCenter
Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware
Related
Advanced Headlight Technology Legal in Europe and Canada Remains Banned in the United States
Adaptive driving beam (ADB) headlights that reduce glare by automatically dimming when detecting oncoming vehicles are widely used in Europe, Asia, and Canada but remain illegal in the United States despite being technically available in American vehicles. The technology uses LED pixels to intelligently adjust light patterns, addressing widespread complaints about increasingly bright headlights from modern SUVs and pickup trucks. The ban stems from outdated U.S. regulations requiring separate low and high beams, which the National Highway Traffic Safety Administration declined to update to international standards even after Congress authorized changes in 2021.
Linux Kernel Logic-Inversion Bug Enables Local Privilege Escalation Across Major Distributions
A single-character logic-inversion bug (CVE-2026-23111) in the Linux kernel was discovered in early 2025, allowing local privilege escalation and potential full device takeover with a severity score of 7.8/10. The vulnerability affects major Linux distributions including Debian, Ubuntu, and Red Hat Enterprise Linux, though exploitation requires specific conditions including nf_tables enabled and unprivileged user namespaces. The discovery highlights a broader surge in Linux kernel vulnerabilities and strains on maintainers dealing with AI-generated bug reports.
Nintendo Confirms Legend of Zelda: Ocarina of Time Remake Coming in 2026
Nintendo of America released a teaser trailer confirming a remake of The Legend of Zelda: Ocarina of Time is in development with a 2026 release window. The original N64 game, released nearly 30 years ago, is considered one of the greatest video games ever made and has never received a full HD remake for modern consoles. The announcement addresses long-standing fan demand for a next-generation version of the classic title.