Executive Summary
On 2026-06-05, security researchers disclosed a highly sophisticated supply chain compromise targeting the official Microsoft/Azure repository Azure/durabletask [stepsecurity.io opens in a new tab]. A compromised contributor account was used to push a backdated commit titled "Switched DataConverter to OrchestrationContext [skip ci]" [stepsecurity.io opens in a new tab]. The commit introduced zero functional changes to the codebase but added .vscode/tasks.json with "runOn": "folderOpen" to execute .github/setup.js automatically when the folder is opened in Visual Studio Code [threatlocker.com opens in a new tab] [zscaler.com opens in a new tab].
Furthermore, the commit planted configuration files targeting AI coding assistants (Claude Code, Cursor, Gemini CLI) to execute credential-stealing payloads [stepsecurity.io opens in a new tab] [zscaler.com opens in a new tab]. Microsoft and GitHub security teams responded within minutes, disabling 73 repositories across 4 organizations (Azure, Azure-Samples, Microsoft, MicrosoftDocs) to contain the spread [threatlocker.com opens in a new tab] [phoenix.security opens in a new tab]. The compromised account was linked to prior activity on PyPI where it published malicious versions of the durabletask package (1.4.1, 1.4.2, 1.4.3) [stepsecurity.io opens in a new tab].
A June 18 StepSecurity follow-up showed the broader Miasma/Hades family was still actively spreading across npm and PyPI, with open-time and import-time triggers replacing the older install-time assumptions many scanners rely on. That follow-up attributes the npm branch to a 157-byte binding.gyp "Phantom Gyp" trigger, the repository branch to IDE/AI-assistant auto-run files, and the PyPI branch to an obfuscated __init__.py import hook that downloads Bun and launches the JavaScript payload [stepsecurity.io opens in a new tab].