Miasma Worm Source Code Leaked + What NPM v12 Means for Developers | Threat Wire
This week on ThreatWire, we look into the evolving landscape of software supplychain attacks. We analyze the leaked Miasma worm toolkit and its use of GitHub as a C2 server, discuss the security implications of NPM v12 disabling install-time lifecycle scripts, and look at the U.S. government’s directive that led Anthropic to disable access to its Fable/Mythos models. Plus, a rapid-fire rundown of the latest BSides news.
⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev
Want to work with Ali? hak5@endingwithali.com
[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 – Intro
1 – Microsoft Miasma Updates
2 – NPM Makes Changes
3 – Shark Jack Display!
4 – Anthropic Called Mythos Bluff
5 – BSides News
6 – Outro
LINKS
🔗 Story 1: Microsoft Miasma Updates
https://github.blog/news-insights/company-news/npm-is-joining-github/
https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html
https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/
https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
🔗 Story 2: NPM Makes Changes
https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html
https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/
https://www.aikido.dev/blog/npm-v12-block-postinstall
https://medium.com/@v_pragma/12-strange-things-that-can-happen-after-installing-an-npm-package-45de7fbf39f0
🔗 Story 3: Anthropic Called Mythos Bluff
https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/
https://www.anthropic.com/news/claude-fable-5-mythos-5
https://www.anthropic.com/news/fable-mythos-access
https://techcrunch.com/2026/06/10/cybersecurity-researchers-arent-happy-about-the-guardrails-on-anthropics-fable/
🔗 Story 4: BSides News
https://www.cbc.ca/news/canada/social-media-ban-bill-teens-parents-reax-9.7232286
https://deadeclipse666.blogspot.com/
https://about.fb.com/news/2026/06/fighting-spyware-an-update-from-whatsapp/
https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/
https://hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/
https://www.tomshardware.com/software/linux/california-moves-to-exempt-linux-from-its-upcoming-age-verification-law-after-backlash-over-forcing-operating-systems-to-collect-users-ages-amendment-proposed-by-the-same-lawmaker-who-wrote-the-original-law
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.Hak5Read More