Miasma supply-chain attack toolkit goes public on GitHub

https://image.theregister.com/5242669.jpg?imageId=5242669&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

Miasma worms its way onto GitHub as attack kit goes open source

As if there weren't enough package poisonings to worry about

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire Miasma worm supply-chain attack toolkit, likely using previously compromised developers' accounts to publish GitHub repositories containing the self-spreading malware’s source code over the last 24 hours.

SafeDep, a company focused on open source supply chain security that developed Package Management Guard (PMG), spotted the malicious repos, named “Miasma-Open-Source-Release,” and said that they started appearing on Monday. Its researchers analyzed one of these before GitHub nixed it, and described the code as more than just a supply chain worm.

“It is a full supply chain attack toolkit that allows the operator to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems),...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more

https://images.ft.com/v3/image/raw/https%3A%2F%2Fd1e00ek4ebabms.cloudfront.net%2Fproduction%2Ffc374e9e-0d2d-4759-816f-503b428f3bad.jpg?source=next-article&fit=scale-down&quality=highest&wi...

Bending Spoons' Nasdaq IPO caps its 50+ deals across 10+ years that transformed the Italian startup into a highly leveraged internet company with ~$4.4B in debt

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.

https://techfundingnews.com/wp-content/uploads/2026/07/Hojun-Choi-co-founder-and-co-CEO-of-LinqAlpha.jpg

NY-based LinqAlpha, which provides AI-powered market research tools for hedge funds, raised a $22M Series A co-led by AVP, Atinum Investment, and GFT Ventures

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.

https://images.ft.com/v3/image/raw/https%3A%2F%2Fd1e00ek4ebabms.cloudfront.net%2Fproduction%2F2ffd998c-61af-4514-af51-a80554a576ea.jpg?source=next-article&fit=scale-down&quality=highest&wi...

Sources: Uber halts plans to launch food delivery in five of the seven European countries it had targeted for expansion as it pursues a Delivery Hero takeover

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.