Miasma Supply Chain Worm Hits npm, PyPI, and Microsoft Azure

Miasma supply chain attack

Miasma Supply Chain Worm Infects npm, PyPI, and Microsoft Azure Repositories A fast-moving supply chain campaign dubbed Miasma is spreading across open-source software registries this week, weaponizing a novel install-time technique to steal developer credentials, poison build pipelines, and self-propagate across enterprise cloud environments. Security researchers have confirmed three distinct waves since June 1, 2026, … Read more

Klue Supply Chain Attack Exposes CRM Data Across Major Firms

Salesforce OAuth Breach

A sweeping supply chain attack against Klue, the Vancouver-based competitive intelligence platform, has triggered cascading data breaches at more than a dozen major technology and cybersecurity firms, including Huntress, Recorded Future, Jamf, and Tanium. The Icarus extortion group compromised a legacy integration credential at Klue on June 11, 2026, planted malicious code to harvest customer … Read more