Threat Wire #004: Opening a repo is now the exploit

The Miasma/Hades worm hijacks four AI coding tools with one commit - no install required. LiteLLM hits CISA's KEV under active ransomware attack. And a NIST proof says no guardrail set can ever block every jailbreak.

AI SECURITY PULSE

Hello!

Welcome to issue #4 of Secure Prompt’s Threat Wire.

The trusted developer environment collapsed this week. The Miasma/Hades worm reached 73 Microsoft GitHub repositories by planting AI coding-tool config files - and opening the repo in Claude Code, Gemini CLI, Cursor, or VS Code is the entire trigger, no npm install needed. The same campaign hit PyPI, where malicious wheels execute on every Python interpreter start. LiteLLM's gateway flaw landed on CISA's Known Exploited Vulnerabilities catalog under active ransomware exploitation. And a NIST scientist published a peer-reviewed proof arguing that no finite set of guardrails can block every jailbreak. The throughline: the environments and tools developers trust most - the IDE, the package registry, the AI gateway - are now the attack surface.
