IronWorm and Miasma Infect 36 and 73 Supply-Chain Packages

A Rust-based IronWorm malware infects 36 npm packages targeting 86 environment variables and 20 credential files including OpenAI and AWS keys while hiding via eBPF and Tor. A separate Miasma worm attacks 73 Microsoft GitHub repos across Azure and MicrosoftDocs orgs disabling access to affected repositories. Miasma reuses the durabletask package from a prior TeamPCP compromise to spread across.NET, Go, Java, JS, and protobuf implementations. The Miasma variant is a mutated Mini Shai-Hulud worm released by TeamPCP in mid-2026.