top of page
ALL POSTS
Critical Miasma Worm Campaign Targets Microsoft and Red Hat in Expanding Supply Chain Attack Wave
Key Findings Miasma worm infected 73 Microsoft GitHub repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations, forcing GitHub to disable access Attack represents re-compromise of previously infected "durabletask" PyPI package, suggesting threat actors maintained persistent access for over a month Miasma operates as self-replicating malware variant of Mini Shai-Hulud worm, exploiting the trust model of package registries rather than technical vulne
Jun 64 min read
Microsoft Issues Emergency Patch for Critical ASP.NET Core Privilege Escalation Vulnerability CVE-2026-40372
Key Findings Microsoft released out-of-band patches for CVE-2026-40372, a critical ASP.NET Core privilege escalation vulnerability with a CVSS score of 9.1 Successful exploitation allows attackers to gain SYSTEM-level privileges and access sensitive files The flaw stems from improper cryptographic signature verification in the DataProtection library versions 10.0.0-10.0.6 Exploitation requires three specific conditions: vulnerable NuGet package in use, runtime loading of the
Apr 222 min read
bottom of page
