Azure (49)
azure-functions-agents-runtime azure-functions-connector-extension azure-functions-core-tools azure-functions-docker azure-functions-dotnet-extensions azure-functions-dotnet-worker azure-functions-durable-extension azure-functions-durable-js azure-functions-durable-powershell azure-functions-durable-python azure-functions-extension-bundles azure-functions-golang-worker azure-functions-host azure-functions-java-library azure-functions-java-worker azure-functions-kafka-extension azure-functions-language-worker-protobuf azure-functions-mcp-extension azure-functions-nodejs-e2e-tests azure-functions-nodejs-library azure-functions-nodejs-opentelemetry azure-functions-nodejs-worker azure-functions-openai-extension azure-functions-powershell-library azure-functions-powershell-opentelemetry azure-functions-powershell-worker azure-functions-python-extensions azure-functions-python-library azure-functions-python-worker azure-functions-rabbitmq-extension azure-functions-skills azure-functions-sql-extension azure-functions-templates azure-functions-tooling-feed azure-functions-vs-build-sdk azure-webjobs-sdk azure-webjobs-sdk-extensions azure-websites-security checkaccess-v2-go-sdk Connectors-NET-LSP Connectors-NET-Samples Connectors-NET-SDK Connectors-NodeJS-SDK connectors-python-sdk durabletask functions-action functions-container-action homebrew-functions sonic-gnmi.msft
microsoft (10)
DurableFunctionsMonitor durabletask-dotnet durabletask-go durabletask-java durabletask-js durabletask-mssql durabletask-netherite durabletask-protobuf Microsoft-Performance-Tools-Apple secure-azureai-agent
Azure-Samples (13)
azure-ai-content-understanding-python azure-container-apps-multi-agent-workflow azure-container-apps-sandboxes azure-functions-java-flex-consumption-azd azure-functions-nodejs-opentelemetry-samples azure-search-openai-demo-purviewdatasecurity functions-connectors-python functions-connectors-typescript llm-fine-tuning openai-chat-app-entra-auth-builtin openai-chat-app-entra-auth-local rag-postgres-openai-python tutor
MicrosoftDocs (1)
windows-driver-docs
* https://news.ycombinator.com/item?id=48418318 (The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds)
* https://news.ycombinator.com/item?id=48450543 (Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents)
* https://news.ycombinator.com/item?id=48416155
* https://news.ycombinator.com/item?id=48416269 (Miasma Worm Targets AI Coding Agents via GitHub Repos)
This latest event just continues Microsoft's track record of being a security problem rather than having their shit together. :(
Again, I am not saying it is related but I think it has an impact.
Now in many places it is encouraged by coders and managers to vibe stuff on their own devices. Soon or later it will become a problem, especially for those that have no idea what they are doing.
I am not saying it is related but I feel that it coincides perfectly.
I just cannot believe there is no underlaying thread going through all of these recent supply chain issues, and yes there are some hacking groups that specialise in this, sure, but it is because the bounty is plentiful.
Then, which I find the most amusing, proceeds to blame MicroSlop for the attempted suuply chain attack,
> Microsoft did not immediately provide the specific number of customers affected, when asked by TechCrunch.
Yeah, because that's how open source works. Tech crunch doing hard work no not explain that.
> This is Microsoft’s second known breach over the past few weeks that has allowed hackers to compromise its open source projects, per Ars Technica.
I, like many others love to knock on Microslop when I can, but in this case they did the right thing. The article phrases it like they did everything wrong, they're all at fault and shame on them for limiting the breach.
This is not the first time I've seen an article from Zack Whittaker that just rubbed me the wrong way.
> steal passwords of AI developers
This phrasing has it's own connotations. AI developers versus developers who use AI?
> This is the latest example in recent months of hackers breaching widely popular open source projects with the aim of planting malware on a large number of users who have the code installed on their computers. These hacks are known as “supply chain” attacks as they target code that is often used in a large number of software products, or by a specific kind of user, which may be advantageous to hack as they sometimes have access to cloud systems and large amounts of customers’ data.
Describes literally nothing of what a supply chain attack is, just the result of one and the reasons for their attack surface.
Very very bad reporting in my opinion. Bad breach, and I hate to admit M$ did the safe and right thing, but this 'reporting' leaves a lot to be desired.
If you are going to be handing tokens to AI agents on weird openclaw contraptions, you should try to use the fine grained variants. My GitHub account spans 3 organizations with wildly differing policies. The fact that classic tokens are even still allowed blows my mind a bit. You should be required to manually opt in each organization at a minimum.
What does this even mean?
The malware specifically steals passwords from developers who use AI? From those who develop AI tool? Or it steals API tokens, which serve a similar function as passwords do for humans?
Is this what journalism looks like today? Just slap the two holy letters on the title and you get views?
(Yes, I read the article. No, I still don't think the title makes sense. You can skip this sloppy techchurch article and read the real information here: https://opensourcemalware.com/blog/miasma-reaches-azure)
TZubiri•55m ago