Executive Summary
Date: June 11, 2026
The June 11, 2026 ThreatsDay Bulletin marks a sharp escalation in the global cyber threat landscape: the public leak of the Miasma supply chain worm toolkit, successful phishing attacks against AI agents, a high-severity patch for Anthropic's Claude Code GitHub Action, and 28 further high-impact incidents. This advisory synthesizes the technical details, exploitation vectors, indicators of compromise, and actionable intelligence for these threats. It is written for both executive stakeholders and technical teams, and the common thread across the incidents is the need for robust supply chain, CI/CD, and AI agent security controls.
Technical Information
Miasma Toolkit Leak: Supply Chain Worm
On June 10, 2026, the Miasma credential-stealing attack framework was leaked through compromised developer accounts on GitHub, specifically the repository “Miasma-Open-Source-Release” (SafeDep, 2026-06-10). Miasma is a modular, multi-stage supply chain attack toolkit built to compromise public package registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories, GitHub Actions, and AI coding tool configurations. Its command-and-control (C2) channel is GitHub itself: unique search strings and cryptographic keys are embedded in commit histories. The published marker strings are “DontRevokeOrItGoesBoom” for Personal Access Token (PAT) exfiltration, “TheBeautifulSandsOfTime” for JavaScript payload delivery, and “firedalazer” for Python remote code execution backdoors.
The Miasma campaign is a direct evolution of the Shai-Hulud worm; its latest Python variant is dubbed Hades. The worm propagates by using compromised developer credentials to inject malicious code into widely used open-source packages and CI/CD pipelines. Once embedded, it establishes persistence, exfiltrates secrets, and moves laterally over SSH to both developer endpoints and build infrastructure. At the time of this bulletin, 304 components and 73 Microsoft GitHub repositories have been confirmed impacted, and investigations into further downstream exposure are ongoing (The Hacker News, 2026-06-11).
Miasma’s tactics, techniques, and procedures (TTPs) map to MITRE ATT&CK T1195 (Supply Chain Compromise), T1078 (Valid Accounts), T1557 (Adversary-in-the-Middle), and T1021 (Remote Services). No attribution has been established; the operational patterns overlap with known supply chain actors such as APT41 and the Lazarus Group, but shared tradecraft alone is not attribution.
Indicators of Compromise (IOCs): the “Miasma-Open-Source-Release” GitHub repository, the C2 marker strings “DontRevokeOrItGoesBoom”, “TheBeautifulSandsOfTime”, and “firedalazer”, and the “Hades” Python variant. Organizations should audit their dependencies, search commit histories and package sources for these strings, and review recent commits to build and pipeline configuration for anomalous activity.
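As an added example (not SafeDep's or The Hacker News' tooling, and not code from the original bulletin), the following Python script shows the kind of commit-history sweep the IOC guidance above calls for: it parses `git log --name-only` output, flags any commit whose message carries one of the published marker strings, and flags commits that modify CI/CD or AI coding tool configuration files, the places a supply chain worm needs to touch to persist. The sample log, the hashes, authors and dates in it, and the set of AI tool configuration paths (.claude/, CLAUDE.md) are constructed assumptions for the example.

```python
"""Scan git history for the Miasma marker strings and for CI/tooling file changes.

Parses the output of:
    git log --format='%H%x00%an <%ae>%x00%aI%x00%s' --name-only
Each commit starts with one NUL-separated header line, followed by the paths it
touched, then a blank line. The sample log at the bottom is constructed for this
example; its hashes, authors and dates are not real.
"""
import re
from dataclasses import dataclass, field

# Marker strings reported by SafeDep / The Hacker News as Miasma's C2 search keys.
MIASMA_MARKERS = ("DontRevokeOrItGoesBoom", "TheBeautifulSandsOfTime", "firedalazer")

# Files a worm must touch to persist in a build pipeline or steer an AI coding tool.
# The AI tool configuration paths (.claude/, CLAUDE.md) are an assumption here.
SENSITIVE_PATHS = re.compile(
    r"^(\.github/workflows/|\.gitlab-ci\.yml$|Jenkinsfile$|\.claude/|CLAUDE\.md$|"
    r"\.npmrc$|\.pypirc$)"
)


@dataclass
class Commit:
    sha: str
    author: str
    date: str
    subject: str
    paths: list = field(default_factory=list)


def parse_git_log(text: str) -> list:
    """Turn the NUL-delimited git log dump into Commit objects."""
    commits, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if "\x00" in line:  # header line: sha, author, date, subject
            sha, author, date, subject = line.split("\x00", 3)
            current = Commit(sha, author, date, subject)
            commits.append(current)
        elif current is not None:  # a path touched by the current commit
            current.paths.append(line.strip())
    return commits


def flag_commit(commit: Commit) -> list:
    """Return the reasons a commit is suspicious; an empty list means nothing matched."""
    reasons = [f"IOC marker {m!r} in commit message" for m in MIASMA_MARKERS if m in commit.subject]
    reasons += [f"modifies pipeline/tooling file {p}" for p in commit.paths if SENSITIVE_PATHS.match(p)]
    return reasons


def scan(text: str) -> dict:
    """Map sha -> reasons for every flagged commit in a git log dump."""
    return {c.sha: reasons for c in parse_git_log(text) if (reasons := flag_commit(c))}


# Constructed sample log in the format above (NUL written as \x00 so it runs offline).
SAMPLE_LOG = (
    "a1b2c3\x00Dana Dev <dana@example.test>\x002026-06-09T10:02:00+00:00\x00Fix typo in README\n"
    "README.md\n\n"
    "d4e5f6\x00Dana Dev <dana@example.test>\x002026-06-10T03:14:00+00:00"
    "\x00chore: sync TheBeautifulSandsOfTime\n"
    ".github/workflows/release.yml\npackage.json\n\n"
    "0f9e8d\x00Sam Maintainer <sam@example.test>\x002026-06-10T08:00:00+00:00\x00Bump version to 1.4.2\n"
    "pyproject.toml\n"
)

if __name__ == "__main__":
    import sys
    # Read a real dump from stdin when piped; otherwise demonstrate on the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for sha, reasons in scan(text).items():
        print(sha, "->", "; ".join(reasons))
```

To sweep a real checkout, pipe `git log --format='%H%x00%an <%ae>%x00%aI%x00%s' --name-only` into the script. A hit on a marker string is a strong indicator; a change to a workflow or tooling file is only a lead that needs human review, since legitimate maintainers edit those files too.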
AI Agent Phishing: OpenClaw and Claude Code
Recent red team simulations and real-world attacks show that AI-powered agents such as the OpenClaw email agent (“Pinchy”) and Anthropic's Claude Code GitHub Action are susceptible to phishing and social engineering (Varonis, 2026-06-10). Attackers crafted plausible requests that induced the agents to forward sensitive credentials, including AWS IAM keys, database passwords, and SSH access tokens, to external adversaries.
A critical vulnerability in the Claude Code GitHub Action (versions before v2.1.128) allowed an attacker to read the runner process's environment via /proc/self/environ and exfiltrate the CI/CD secrets it held. Microsoft disclosed the flaw responsibly, and Anthropic patched it in version 2.1.128 on May 5, 2026 (Anthropic, 2026-05-05). Every organization using the Claude Code GitHub Action should upgrade immediately and rotate any secrets that the vulnerable action's environment could have exposed.
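The following Python is an added example, not Anthropic's or Microsoft's code and not a description of the patched action's internals. It shows why a secret placed in a job's environment is readable by anything the job runs, by parsing the NUL-separated format of /proc/self/environ, flagging credential-like variable names, and constructing the minimal allowlisted environment that an untrusted or agent-driven step should receive instead. The sample environ blob and its values, the key-name heuristic, and the allowlist are constructed for the example.

```python
"""Audit what a process environment exposes, and build a minimal env for untrusted steps.

On Linux, /proc/self/environ holds the process's environment as NUL-separated
KEY=VALUE records. Any code executing inside the job, including code an AI agent
was talked into running, can read it, so secrets must be kept out of the
environment of untrusted steps rather than hidden from them afterwards.
The sample blob below is constructed; the values are not real credentials.
"""
import os
import re

# Heuristic for variable names that usually carry credentials in CI (an assumption).
SECRET_KEY_RE = re.compile(
    r"(TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY|CREDENTIALS|_PAT$)", re.I
)


def parse_environ(blob: bytes) -> dict:
    """Parse the /proc/<pid>/environ format: KEY=VALUE records separated by NUL bytes."""
    env = {}
    for record in blob.split(b"\x00"):
        if not record:  # trailing NUL yields an empty record
            continue
        key, sep, value = record.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def secret_like_keys(env: dict) -> list:
    """Sorted names of variables whose key suggests a credential."""
    return sorted(k for k in env if SECRET_KEY_RE.search(k))


def minimal_env(env: dict, allow: set) -> dict:
    """Environment for an untrusted subprocess: only allowlisted keys survive."""
    return {k: v for k, v in env.items() if k in allow}


def read_own_environ() -> dict:
    """Read the real /proc/self/environ on Linux; fall back to os.environ elsewhere."""
    try:
        with open("/proc/self/environ", "rb") as fh:
            return parse_environ(fh.read())
    except OSError:
        return dict(os.environ)


# Constructed sample resembling a CI runner's environment (values are placeholders).
SAMPLE_ENVIRON = (
    b"PATH=/usr/bin:/bin\x00HOME=/home/runner\x00CI=true\x00"
    b"GITHUB_TOKEN=ghp_example000000000000000000000000000000\x00"
    b"AWS_SECRET_ACCESS_KEY=example/secret/not/real\x00"
    b"ANTHROPIC_API_KEY=sk-ant-example\x00LANG=C.UTF-8\x00"
)

# What an untrusted or agent-driven step is allowed to see (an assumption).
UNTRUSTED_STEP_ALLOWLIST = {"PATH", "HOME", "LANG", "CI"}

if __name__ == "__main__":
    exposed = parse_environ(SAMPLE_ENVIRON)
    print("readable via /proc/self/environ:", secret_like_keys(exposed))
    print("after allowlisting:", secret_like_keys(minimal_env(exposed, UNTRUSTED_STEP_ALLOWLIST)))
```

Pass the result of `minimal_env()` as the `env` argument of `subprocess.run` (or the runner's equivalent) for any step that executes model-generated or third-party code; any secret-like name that still shows up in `read_own_environ()` inside such a step is a finding. The heuristic catches common naming conventions only, so pair it with the list of secrets your pipeline actually injects.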
The exploitation chain combined social engineering via email and GitHub issues with the agents' lack of contextual awareness and insufficient input sanitization: content that arrives in an inbox or an issue tracker was treated as an instruction rather than as untrusted input. Relevant MITRE ATT&CK techniques are T1566 (Phishing), T1552 (Unsecured Credentials), and T1216 (System Script Proxy Execution). No APT attribution has been made; the sophistication of the attacks suggests experienced social engineering groups.
IOCs: monitor closely for malicious activity targeting the “Pinchy” AI agent and for exploit attempts against the Claude Code GitHub Action, particularly suspicious GitHub issues or comments directed at the agent.
Additional Notable Threats
SilabRAT is a Malware-as-a-Service (MaaS) remote access trojan attributed to the Russian-speaking actor “o1oo1”. It offers browser profile cloning, hidden virtual network computing (HVNC), and cryptocurrency wallet theft, and is delivered through ClickFix campaigns and Hijack Loader (Group-IB, 2026-06-09). The campaign targets Windows systems and has been active since September 2025.
SStar Agent is a cross-platform RAT distributed through a poisoned npm package (“tw-style-utils”) and a bogus Web3 engineering assessment hosted on GitHub (“star45674/smart-contract-engineer-role”). It runs on Windows and macOS and supports surveillance, data exfiltration, and keyboard and clipboard hooking. The campaign overlaps with North Korean social engineering operations (Iru, 2026-06-08).
Ghost-Sender exploits misconfigurations in Microsoft Exchange (Exchange Online and on-premises Exchange in hybrid mode) to spoof arbitrary senders while bypassing SPF, DKIM, and DMARC protections, which makes the resulting phishing and business email compromise attacks highly effective (InfoGuard Labs, 2026-06-07).
ComoDoS (CVE-2026-49494) is a denial-of-service vulnerability in the Inspect.sys driver of Comodo Internet Security; a single TCP/IP packet is enough to trigger a crash remotely. No patch was available as of this report (Marcus Hutchins, 2026-06-10).
BLUERABBIT is an Iran-nexus backdoor with ransomware and disk-wiper capabilities that uses RabbitMQ, Redis, and MinIO for C2. It has been deployed against Israeli entities since March 2026 (Binary Defense, 2026-06-09).
Other ongoing campaigns include Agent Tesla phishing with ZIP lures, GoFlateLoader delivering multiple infostealers to organizations in Brazil, India, Argentina, Mexico, Turkey, and Spain, and abuse of the NinjaOne RMM tool in Brazilian phishing campaigns.
Exploitation and Breach Reports
The Miasma/Hades campaign has affected 304 components and 73 Microsoft GitHub repositories. The Claude Code Action vulnerability was patched after responsible disclosure by Microsoft. In a separate incident, a misconfigured Grafana instance exposed 507 private Meta repositories (Sectricity, 2026-06-09). Agent Tesla continues to be distributed through phishing campaigns with ZIP attachments (Point Wild, 2026-06-08).
Indicators of Compromise (IOCs)
Key IOCs: the GitHub repositories “Miasma-Open-Source-Release” and “star45674/smart-contract-engineer-role”; the C2 marker strings “DontRevokeOrItGoesBoom”, “TheBeautifulSandsOfTime”, and “firedalazer”; the malicious npm packages “tw-style-utils” and “ambar-src”; and the malware hashes listed in the SafeDep and Group-IB reports. Phishing domains are catalogued by InfoGuard Labs and Sectricity.
MITRE ATT&CK TTPs and APT Groups
The primary techniques observed are T1195 (Supply Chain Compromise), T1566 (Phishing), T1552 (Unsecured Credentials), T1078 (Valid Accounts), and T1021 (Remote Services). The operational patterns are consistent with APT41 and the Lazarus Group, both of which have a history of supply chain and social engineering attacks, but no attribution has been confirmed.
Affected Product Versions
- Claude Code GitHub Action: all versions prior to v2.1.128 (patched May 5, 2026)
- OpenClaw AI agent: all deployed versions as of June 2026
- Miasma/Hades: the affected PyPI, npm, and RubyGems packages and 73 Microsoft GitHub repositories (see the SafeDep report for the list)
- SilabRAT: Windows; infections via ClickFix/Hijack Loader observed since September 2025
- SStar Agent: the npm package “tw-style-utils” (all versions published since June 2026); Windows and macOS systems that ran the payload from “star45674/smart-contract-engineer-role”
- Ghost-Sender: Exchange Online and on-premises Exchange in hybrid mode with external MX records and third-party email/spam protection
- ComoDoS (CVE-2026-49494): Comodo Internet Security with the Inspect.sys driver (all versions as of June 2026; unpatched)
- BLUERABBIT: Windows and Linux; infections observed since March 2026
Mitigation Strategies
Immediate actions:
- Upgrade the Claude Code GitHub Action to v2.1.128 or later, and rotate any secrets the vulnerable action's environment could have exposed.
- Audit and restrict CI/CD pipeline secrets and environment variable access; untrusted and agent-driven steps should receive only the variables they need.
- Monitor public repositories for suspicious commits and package uploads, including searches for the Miasma marker strings.
- Educate users and AI agent developers on phishing and social engineering risks, and design agents to treat inbound email and issue content as untrusted input.
- Harden Exchange configurations against the Ghost-Sender spoofing technique.
- Block the malicious npm/PyPI packages named above.
- Segment and monitor SSH access in CI/CD environments.
References
- The Hacker News: ThreatsDay Bulletin (2026-06-11)
- SafeDep: Miasma Leak (2026-06-10)
- Varonis: AI Agent Phishing (2026-06-10)
- Anthropic: Claude Code Patch (2026-05-05)
- Group-IB: SilabRAT (2026-06-09)
- Iru: SStar Agent (2026-06-08)
- InfoGuard Labs: Ghost-Sender (2026-06-07)
- Marcus Hutchins: ComoDoS (2026-06-10)
- NVD: CVE-2026-49494
- Binary Defense: BLUERABBIT (2026-06-09)
- Sectricity: Meta Grafana Leak (2026-06-09)
- Point Wild: Agent Tesla (2026-06-08)
Rescana is here for you
Rescana’s Third-Party Risk Management (TPRM) platform empowers organizations to continuously monitor, assess, and mitigate cyber risks across their entire digital supply chain. Our advanced analytics and threat intelligence capabilities provide real-time visibility into emerging threats, enabling proactive defense against sophisticated adversaries. For any questions, further details, or to request custom IOC feeds and threat hunting support, please contact us at ops@rescana.com.