{
  "title": "Miasma DurableTask GitHub Repository Compromise",
  "summary": "On June 5, 2026, the official Azure/durabletask GitHub repository was compromised. Threat actors pushed a backdated commit ('Switched DataConverter to OrchestrationContext [skip ci]') that added a malicious tasks.json and configuration files targeting AI coding tools to execute credential-stealing payloads.",
  "date": "2026-06-05",
  "severity": "critical",
  "tags": [
    "github",
    "repository-compromise",
    "supply-chain",
    "credential-theft",
    "microsoft",
    "azure",
    "miasma",
    "hades",
    "teampcp"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "miasma-durabletask-github-compromise",
    "since": "2026-06-05T08:00:00Z",
    "until": "2026-06-05T23:59:59Z",
    "ecosystem": "github, git, vscode, claude, cursor, gemini github",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [
      ".vscode/tasks.json",
      ".claude/settings.json",
      ".gemini/settings.json",
      ".cursor/rules/setup.mdc",
      ".github/setup.js"
    ],
    "paths": [],
    "services": [],
    "domains": [
      "api.masscan.cloud",
      "filev2.getsession.org",
      "seed1.getsession.org",
      "seed2.getsession.org",
      "seed3.getsession.org",
      "git-tanstack.com"
    ],
    "urls": [
      "https://api.masscan.cloud",
      "https://filev2.getsession.org",
      "https://seed1.getsession.org",
      "https://seed2.getsession.org",
      "https://seed3.getsession.org",
      "https://git-tanstack.com"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}