Miasma Worm Source Code Leaked (Plus: Anthropic's Fable RealityCheck) | Threat Wire

Hak5 Podcast 27 days ago

Description

This week on ThreatWire, we look into the evolving landscape of software supplychain attacks. We analyze the leaked Miasma worm toolkit and its use of GitHub as a C2 server, discuss the security implications of NPM v12 disabling install-time lifecycle scripts, and look at the U.S. government’s directive that led Anthropic to disable access to its Fable/Mythos models. Plus, a rapid-fire rundown of the latest BSides news.

⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️



@endingwithali →
Twitch: https://twitch.tv/endingwithali
Twitter: https://twitter.com/endingwithali
YouTube: https://youtube.com/@endingwithali
Everywhere else: https://links.ali.dev

Want to work with Ali? hak5@endingwithali.com

[❗] Join the Patreon→ https://patreon.com/threatwire
0:00 0 - Intro
1 - Microsoft Miasma Updates
2 - NPM Makes Changes
3 - Shark Jack Display!
4 - Anthropic Called Mythos Bluff
5 - BSides News
6 - Outro

LINKS
🔗 Story 1: Microsoft Miasma Updates
https://github.blog/news-insights/company-news/npm-is-joining-github/
https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html
https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/
https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
🔗 Story 2: NPM Makes Changes
https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html
https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/
https://www.aikido.dev/blog/npm-v12-block-postinstall
https://medium.com/@v_pragma/12-strange-things-that-can-happen-after-installing-an-npm-package-45de7fbf39f0
🔗 Story 3: Anthropic Called Mythos Bluff
https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/
https://www.anthropic.com/news/claude-fable-5-mythos-5
https://www.anthropic.com/news/fable-mythos-access
https://techcrunch.com/2026/06/10/cybersecurity-researchers-arent-happy-about-the-guardrails-on-anthropics-fable/
🔗 Story 4: BSides News
https://www.cbc.ca/news/canada/social-media-ban-bill-teens-parents-reax-9.7232286
https://deadeclipse666.blogspot.com/
https://about.fb.com/news/2026/06/fighting-spyware-an-update-from-whatsapp/
https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/
https://hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/
https://www.tomshardware.com/software/linux/california-moves-to-exempt-linux-from-its-upcoming-age-verification-law-after-backlash-over-forcing-operating-systems-to-collect-users-ages-amendment-proposed-by-the-same-lawmaker-who-wrote-the-original-law
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Community → https://www.hak5.org/community
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
____________________________________________

Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.