[NEWSLETTER]score: 1.05

Miasma Toolkit Hijacks GitHub Orphan Commits to Poison AI Coding Tools

June 12, 2026

Miasma uses GitHub commit searches and orphan-commit hijacking in Actions to inject malicious payloads into Claude, Cursor, and VSCode. The attack targets secrets in cloud platforms and password managers, then propagates via npm, PyPI, and RubyGems using OIDC or stolen tokens.

HOW THIS AFFECTS YOU

●

builderIf your CI/CD pipeline or AI coding assistant pulls context from GitHub repos or Actions artifacts, you are a potential target — audit orphan-commit references and restrict OIDC token scopes immediately.

●

policyThis is a concrete, weaponized supply chain attack vector targeting AI tool integrations specifically, which may accelerate calls for stricter provenance requirements on AI coding assistant data sources.

read original ↗safedep.io

← back to feed