Supply Chain Attack on Microsoft Azure Repositories and Critical Security Updates

9 Jun 2026

supply_chain_attackcybersecurityMicrosoft_AzureGitHubwormMyasmaCheck_PointVPNvulnerabilitypatchingransomwareVerizonVoLTEIPsechoneypotVelociraptorCI/CD

On June 9, 2026, the SANS Internet Storm Center reported a supply chain compromise affecting 72 Microsoft Azure-related GitHub repositories via a worm dubbed 'Myasma' by Step Security. Microsoft disabled the repositories to contain the threat, causing disruptions in CI/CD pipelines for dependent developers, though this prevented further infections. Separately, Check Point released an urgent patch for its VPN after attackers exploited a certificate validation flaw to bypass authentication, with ransomware groups actively targeting unpatched systems. Verizon was also noted for failing to implement IPsec protections for Voice over LTE (VoLTE) traffic, leaving signaling data vulnerable to interception or tampering. The update mentioned an upcoming honeypot software upgrade integrating Velociraptor for dynamic log retrieval, with preview links to be shared on Slack. Key takeaways included the necessity of rapid patching for Check Point VPN and the risks of unprotected carrier networks.