Crestvale Newsroom

Miasma worm hit 73 Microsoft GitHub repos

A new supply chain attack shows that simply opening a code repository can now execute malware inside common developer tools. At the same time, AI search is beginning to surface fraudulent websites, and outages in upstream models are breaking features inside everyday SaaS platforms. For firm leaders, this is a shift in where risk lives. It is no longer just at the network edge. It sits inside tools your teams use every day, from coding environments to research workflows to automation platforms. That means controls, verification, and redundancy need to move closer to how work actually happens. We also cover AI native job roles, tokenized IPO access, and the rise of prediction markets as decision tools. Learn more at https://crestvale.io

SPEAKER_00

Opening a code repository can now execute malware before you run anything. That breaks one of the quiet assumptions most firms rely on. And it means your review process just became an attack surface. This is the Crestvale Newsroom Daily Podcast.

A self-spreading worm hit 73 Microsoft GitHub repositories and forced shutdowns in under two minutes. The mechanism is the story. The payload hid inside repository configuration files. When engineers opened the repo in tools like VS Code or AI coding assistants, it executed immediately. No install step, no obvious trigger. That flips the risk model. Opening code used to be safe. Running it was the risk. Now even inspection can be enough. The attacker also used valid credentials. Compromised contributor access made the changes look like normal commits. In some cases, the activity bypassed CI checks. That let the worm move quickly and quietly. Speed mattered. The worm harvested credentials across AWS, Azure, and GitHub, then reused them to propagate. GitHub shut down the affected projects in just over 100 seconds to contain the spread. If your teams are standardizing on AI coding tools and pulling open source, this is aimed directly at your workflow. Why this matters: Your perimeter is not where you think it is. It sits inside everyday tools and routine actions. Treat opening external repositories as a controlled action. Lock down credentials, enforce least privilege, and assume that read-only interactions can still execute code.

Now, a related shift is happening on the front end of how people find information. ChatGPT has been surfacing cloned retail sites that look legitimate, take payment, and disappear. Researchers showed examples where fake domains appeared as sources for well-known brands. This is not an edge case. It is a predictable outcome of models trained on the open web. Bad actors can create convincing pages, get them indexed, and then ride the credibility of the interface. Timing made it worse. In one case, a brand no longer had a standalone site after an acquisition. That created a vacuum that fake sites filled. The attack vector is trust. Users assume the link is safe because it came through an AI interface. Obvious red flags get ignored. For firms, this hits research, vendor selection, and client guidance. If your team is using AI outputs to make decisions, you need verification steps built in. Faster answers are only helpful if they are right.

Meanwhile, reliability is becoming the constraint on embedded AI. Notion had to disable all Anthropic models inside Notion AI after elevated failure rates. This was not about model quality. It was a provider outage. For users, features disappeared mid-task. Workflows that depended on those features stalled until service was restored hours later. This is the hidden dependency in AI inside your core SaaS. When the upstream model goes down, your workflow goes with it. Your vendor cannot guarantee uptime if they rely on another provider. If AI is part of how you deliver work, you need fallback paths. That can mean alternate providers or non-AI paths for critical steps. Otherwise, a third-party outage becomes your missed deadline.

And one more structural shift worth paying attention to. The automation layer inside firms is getting messy, fast. Tools like Zapier, Make, Airtable, and Power Automate are no longer simple connectors. They are running multi-step workflows and AI agents. At the same time, app builders are letting non-technical staff ship internal tools with a prompt. That sounds efficient. It also creates sprawl. There is no single platform that covers everything. So teams stitch together multiple tools. Without standards, you end up with a fragmented system that no one fully understands. The firms that pick a core automation layer and enforce it will move faster with less risk. The ones that do not will spend the next two years untangling their own stack.

Here is what else is worth knowing today. Cognizant is formalizing AI-native roles. Firms will need operators who can turn tools into billable work, not just licenses on a shelf. Bybit is opening tokenized access to IPOs. That points toward capital markets that run through platforms instead of traditional gates. Netflix is using generative AI to improve discovery. The value is filtering, not just creating more content. Kalshi and similar platforms are pushing prediction markets into decision making. Expect more teams to look at live probabilities instead of static reports.

Before we close out, here is a quick look at where markets landed. Equities closed lower, with both SPY and QQQ finishing the session down. The tone was cautious. The 10-year yield moved higher and closed around 4.5%. In alternative assets, Bitcoin pushed higher. Gold pulled back, and oil also finished lower.

Here is the takeaway: treat every AI-assisted workflow as part of your attack surface and design controls accordingly. Tomorrow we are watching how firms redesign internal controls as AI tools move deeper into core workflows. If this was useful, follow the Crestvale Newsroom Daily Podcast so you don't miss it. Thanks for listening.