A self-replicating worm designated Miasma has compromised 73 Microsoft GitHub repositories across the Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations by exploiting stolen publisher credentials. Malicious commits pass standard integrity checks because they originate from authenticated accounts, making this invisible to code-signing and commit verification controls. Downstream consumers of the Azure Durable Task ecosystem via PyPI and npm are the primary enterprise exposure surface, with a secondary payload that targets AI coding environments and can execute autonomously on developer workstations.