Sign up to save your podcasts
Or
Share Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack — 2026-06-06
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack — 2026-06-06
## Short Segments
Google's massive AI compute deal with SpaceX is set to reshape the tech landscape, while an AI agent uncovers vulnerabilities in FFmpeg, and GM bets big on a new battery chemistry. Later, we'll dive into the Miasma worm's impact on Microsoft's GitHub repositories. First, Google will pay SpaceX $920 million a month for AI compute power. Google has inked a deal with SpaceX to access AI computing power, paying $920 million monthly for the use of xAI's data centers. This agreement, spanning from October 2026 to June 2029, involves approximately 110,000 Nvidia GPUs and other components housed in SpaceX's facilities. The deal is part of Google's strategy to bolster its AI capabilities, particularly for its Gemini Enterprise project. For SpaceX, this agreement provides a significant financial boost ahead of its anticipated IPO, highlighting the growing demand for AI infrastructure. This move underscores the increasing importance of AI compute power in tech giants' strategic plans. Google's $920 million monthly payment to SpaceX marks a major shift in AI compute capacity. SpaceX's data centers, equipped with 110,000 Nvidia GPUs, will support Google's AI initiatives, including the Gemini AI models. This deal not only strengthens SpaceX's financial position before its IPO but also emphasizes the critical role of advanced computing infrastructure in AI development. As AI demands grow, partnerships like this highlight the strategic importance of securing robust compute resources. Expect more such collaborations as companies race to enhance their AI capabilities. An AI agent has discovered 21 zero-day vulnerabilities in FFmpeg, while Chrome patches a record 429 bugs. Depthfirst's autonomous AI agent identified these vulnerabilities in the widely-used FFmpeg media library, costing just $1,000 in compute resources. Meanwhile, Google released Chrome 149, addressing 429 security issues, the most in a single update. This surge in vulnerability detection highlights the dual-edged nature of AI in cybersecurity, where finding bugs is becoming cheaper, but fixing them remains a challenge. The rapid pace of AI-driven discovery is reshaping the cybersecurity landscape, demanding faster response times from defenders. GM's $900 million investment in unproven battery chemistry aims to cut EV prices by 2028. The automaker's new Battery Cell Development Centre in Michigan focuses on lithium manganese-rich (LMR) prismatic cells, which could reduce EV battery costs by $6,000 per vehicle. LMR technology, if successful, promises higher energy density at a lower cost by using more abundant materials like manganese instead of cobalt and nickel. This move positions GM to potentially leapfrog competitors in the EV market, as it seeks to make electric vehicles more affordable and accessible. However, the success of this technology remains to be seen, as it has yet to be commercialized. A former IBM cybersecurity executive accuses the company of covering up Chinese hacking incidents. William Barlow, IBM's ex-vice president of threat intelligence, claims in a whistleblower lawsuit that IBM concealed multiple data breaches by Chinese state-linked hackers from 2013 to 2016. The lawsuit, unsealed this week, alleges IBM failed to notify U.S. authorities about these breaches, raising concerns about corporate transparency and cybersecurity practices. This case highlights the ongoing challenges companies face in managing cybersecurity threats and the potential repercussions of failing to disclose such incidents. The outcome of this lawsuit could have significant implications for corporate cybersecurity policies and practices. Swiss startup GR3N raises €15.5 million to build the first microwave-powered PET recycling plant. The funding will support the construction of MODUS, a 40,000-ton-per-year facility in Spain, using GR3N's microwave-assisted depolymerization technology. This innovative approach can process 100% of PET waste, including materials that traditional recycling methods cannot handle, potentially reducing CO₂ emissions by up to 80%. With EU regulations pushing for higher recycled content in plastics, GR3N's technology could play a crucial role in meeting these targets. The success of this plant could pave the way for more sustainable recycling solutions worldwide.
## Feature Story
The self-replicating Miasma worm has infiltrated 73 Microsoft GitHub repositories, marking a significant escalation in supply chain attacks. This incident led GitHub to disable access to affected repositories across four Microsoft organizations, including Azure and MicrosoftDocs. The worm plants malicious code that harvests developer credentials, posing a severe threat to the open-source ecosystem. Supply chain attacks like this one exploit the interconnected nature of software development, where a single compromised component can have widespread repercussions. In this case, the Miasma worm's ability to self-replicate and spread rapidly underscores the vulnerabilities inherent in open-source platforms. Microsoft's GitHub repositories are just the latest victims in an ongoing campaign that has already affected numerous npm packages and other projects. The attack highlights the critical need for robust security measures and vigilant monitoring of software dependencies. As the open-source community grapples with these challenges, developers and organizations must prioritize security to protect against similar threats. Looking ahead, the industry may see increased investment in security tools and practices designed to detect and mitigate supply chain attacks before they can cause significant damage. For now, the Miasma worm serves as a stark reminder of the evolving nature of cybersecurity threats and the importance of staying ahead of potential vulnerabilities. As this situation develops, stakeholders will need to collaborate closely to strengthen the resilience of the software supply chain. Stay tuned for more updates as the story unfolds.
View all episodes
By Alutus LLC## Short Segments
Google's massive AI compute deal with SpaceX is set to reshape the tech landscape, while an AI agent uncovers vulnerabilities in FFmpeg, and GM bets big on a new battery chemistry. Later, we'll dive into the Miasma worm's impact on Microsoft's GitHub repositories. First, Google will pay SpaceX $920 million a month for AI compute power. Google has inked a deal with SpaceX to access AI computing power, paying $920 million monthly for the use of xAI's data centers. This agreement, spanning from October 2026 to June 2029, involves approximately 110,000 Nvidia GPUs and other components housed in SpaceX's facilities. The deal is part of Google's strategy to bolster its AI capabilities, particularly for its Gemini Enterprise project. For SpaceX, this agreement provides a significant financial boost ahead of its anticipated IPO, highlighting the growing demand for AI infrastructure. This move underscores the increasing importance of AI compute power in tech giants' strategic plans. Google's $920 million monthly payment to SpaceX marks a major shift in AI compute capacity. SpaceX's data centers, equipped with 110,000 Nvidia GPUs, will support Google's AI initiatives, including the Gemini AI models. This deal not only strengthens SpaceX's financial position before its IPO but also emphasizes the critical role of advanced computing infrastructure in AI development. As AI demands grow, partnerships like this highlight the strategic importance of securing robust compute resources. Expect more such collaborations as companies race to enhance their AI capabilities. An AI agent has discovered 21 zero-day vulnerabilities in FFmpeg, while Chrome patches a record 429 bugs. Depthfirst's autonomous AI agent identified these vulnerabilities in the widely-used FFmpeg media library, costing just $1,000 in compute resources. Meanwhile, Google released Chrome 149, addressing 429 security issues, the most in a single update. This surge in vulnerability detection highlights the dual-edged nature of AI in cybersecurity, where finding bugs is becoming cheaper, but fixing them remains a challenge. The rapid pace of AI-driven discovery is reshaping the cybersecurity landscape, demanding faster response times from defenders. GM's $900 million investment in unproven battery chemistry aims to cut EV prices by 2028. The automaker's new Battery Cell Development Centre in Michigan focuses on lithium manganese-rich (LMR) prismatic cells, which could reduce EV battery costs by $6,000 per vehicle. LMR technology, if successful, promises higher energy density at a lower cost by using more abundant materials like manganese instead of cobalt and nickel. This move positions GM to potentially leapfrog competitors in the EV market, as it seeks to make electric vehicles more affordable and accessible. However, the success of this technology remains to be seen, as it has yet to be commercialized. A former IBM cybersecurity executive accuses the company of covering up Chinese hacking incidents. William Barlow, IBM's ex-vice president of threat intelligence, claims in a whistleblower lawsuit that IBM concealed multiple data breaches by Chinese state-linked hackers from 2013 to 2016. The lawsuit, unsealed this week, alleges IBM failed to notify U.S. authorities about these breaches, raising concerns about corporate transparency and cybersecurity practices. This case highlights the ongoing challenges companies face in managing cybersecurity threats and the potential repercussions of failing to disclose such incidents. The outcome of this lawsuit could have significant implications for corporate cybersecurity policies and practices. Swiss startup GR3N raises €15.5 million to build the first microwave-powered PET recycling plant. The funding will support the construction of MODUS, a 40,000-ton-per-year facility in Spain, using GR3N's microwave-assisted depolymerization technology. This innovative approach can process 100% of PET waste, including materials that traditional recycling methods cannot handle, potentially reducing CO₂ emissions by up to 80%. With EU regulations pushing for higher recycled content in plastics, GR3N's technology could play a crucial role in meeting these targets. The success of this plant could pave the way for more sustainable recycling solutions worldwide.
## Feature Story
The self-replicating Miasma worm has infiltrated 73 Microsoft GitHub repositories, marking a significant escalation in supply chain attacks. This incident led GitHub to disable access to affected repositories across four Microsoft organizations, including Azure and MicrosoftDocs. The worm plants malicious code that harvests developer credentials, posing a severe threat to the open-source ecosystem. Supply chain attacks like this one exploit the interconnected nature of software development, where a single compromised component can have widespread repercussions. In this case, the Miasma worm's ability to self-replicate and spread rapidly underscores the vulnerabilities inherent in open-source platforms. Microsoft's GitHub repositories are just the latest victims in an ongoing campaign that has already affected numerous npm packages and other projects. The attack highlights the critical need for robust security measures and vigilant monitoring of software dependencies. As the open-source community grapples with these challenges, developers and organizations must prioritize security to protect against similar threats. Looking ahead, the industry may see increased investment in security tools and practices designed to detect and mitigate supply chain attacks before they can cause significant damage. For now, the Miasma worm serves as a stark reminder of the evolving nature of cybersecurity threats and the importance of staying ahead of potential vulnerabilities. As this situation develops, stakeholders will need to collaborate closely to strengthen the resilience of the software supply chain. Stay tuned for more updates as the story unfolds.