security · 2026-06-11

Microsoft pulled ~70 of its own GitHub repos after the Miasma worm hit Azure, Claude Code, Gemini CLI, and VS Code — the second Microsoft OSS compromise in two months. Cursor patched CVE-2026-26268, a .git/config sandbox escape. Dashlane disclosed 20 vaults stolen via weekend 2FA brute force.

MS Open Source Tools Hacked, Cursor Sandbox Escape, Dashlane Vaults Stolen

Hey guys, Mr. Technology here — let me break this one down.

What You Need to Know: Microsoft pulled roughly 70 of its own GitHub repos after credential-stealing malware, the "Miasma" worm, was found in code tied to Azure, Claude Code, Gemini CLI, and VS Code. Cursor shipped a sandbox-escape patch for CVE-2026-26268 (untrusted code writing to .git/config to break out of the sandbox). And Dashlane disclosed that attackers brute-forced 2FA codes and stole roughly 20 encrypted customer vaults.

Why It Matters

  • Microsoft's repos got hit for the second time in weeks. The Durable Task project was compromised in May; this is a re-compromise of the same code path, with a much wider blast radius. If Microsoft can't keep its own OSS clean, no one's OSS is clean.
  • CVE-2026-26268 turns .git/config into a sandbox escape. Any untrusted repo you opened in Cursor before 2.5 could write to its own .git/config from inside the sandbox and have Cursor act on that config outside it. Patched in 2.5, but the disclosure pattern matters.
  • Dashlane's "no breach" of the master password still means 20 vaults walked out. Brute-forcing 2FA over a weekend is the new phishing. If your password manager's 2FA is SMS or a 6-digit TOTP code with no lockout behind it, your threat model is wrong.

Microsoft takes down ~70 GitHub repos over Miasma worm

Microsoft temporarily disabled about 70 of its own GitHub-hosted open source projects on June 5–8, 2026, after a credential-stealing worm dubbed "Miasma" was found in code tied to Azure, Claude Code, Gemini CLI, and VS Code (TechCrunch, 6/8/2026; American Bazaar, 6/9/2026). Cloudsmith and the OpenSourceMalware community tracker were the first to flag the incident (Cloudsmith; OpenSourceMalware).

Microsoft spokesperson Ben Hope told TechCrunch: "We have temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline." Affected users were notified directly. The actual number of developers who pulled the malicious builds has not been disclosed.

The Miasma worm works by injecting a 4.3 MB dropper into a GitHub repo and wiring it to auto-run through whatever AI coding CLI the developer has installed; Claude Code, Gemini CLI, and VS Code's Copilot extension are all valid triggers (SafeDep writeup, 6/5/2026). It's a classic supply-chain attack tuned for the agentic-coding era: the payload rides the tooling the developer already trusts instead of asking them to run anything.

This is Microsoft's second breach in two months. Ars Technica's reporting indicates the new incident is a re-compromise of the Durable Task project, which was hacked in mid-May (Ars Technica, 6/2026). If Microsoft couldn't eradicate the attackers on the first attempt, your threat model for any Microsoft-OSS dependency needs to be set to "compromised" until proven otherwise.

Cursor ships patch for sandbox escape CVE-2026-26268

NVD published CVE-2026-26268 on February 13, 2026 — a sandbox-escape vulnerability in Cursor that allowed untrusted code to write to the user's .git/config file and break out of the editor's sandbox (NVD; Aqua Security). Patched in Cursor 2.5.

The disclosure matters more than the severity: Cursor is the AI code editor of record for thousands of shops, and sandbox escapes in AI-native editors are now a quarterly event. Repello's June 2026 enterprise hardening guide counts 11+ CVEs in Cursor in 2025–2026 alone, including the CVSS 9.9 sandbox escape, MCPoison, CurXecute, TrustFall, and 94 unpatched Chromium issues (Repello AI). The same week, a separate Cursor advisory — CVE-2026-22708 — disclosed an allowlist bypass that let shell built-ins like export and typeset poison the environment and turn approved commands into RCE (LLM-Hacking).

For a developer, the practical advice: keep Cursor on the latest release, never open a folder from an untrusted source except under a separate user account, and treat .claude/settings.json, .mcp.json, and ~/.cursor/ as sensitive files: make sure your secrets scanner covers them, and review any change to them that arrives with a repo before the editor or agent gets to read it.
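Both the Miasma auto-run mechanism and the .git/config escape come down to the same question: before an editor or agent opens this checkout, what in it is configured to run a command? The script below is an added example (not code from Microsoft, Cursor, SafeDep, or any other party named above) that triages a checkout for exactly that. It flags git config keys whose value git will execute (core.fsmonitor, core.hooksPath, core.sshCommand, diff textconv and filter drivers, "!" aliases), plus commands registered in .claude/settings.json hooks, mcp.json server definitions, and VS Code tasks set to run on folderOpen. The JSON layouts for those files are assumptions about the tools' documented formats, the sample checkout it builds is constructed, and nothing here claims to match Miasma's real payload layout or the exploit path of CVE-2026-26268.

```python
"""Triage an untrusted checkout for files that make a tool run commands on open.
Added example for this dispatch (not code from Microsoft, Cursor, SafeDep or any other
party named on the page); it claims nothing about Miasma's real payload layout or the
exploit path of CVE-2026-26268. The JSON layouts assumed: .claude/settings.json "hooks",
mcp.json "mcpServers", .vscode/tasks.json "runOptions.runOn"."""
import json
import re
import tempfile
from pathlib import Path

# Exact git config keys whose value is a program (or a path to one) that git executes.
GIT_EXEC_KEYS = {"core.fsmonitor", "core.hookspath", "core.sshcommand", "core.pager",
                 "core.editor", "core.askpass", "credential.helper", "diff.external",
                 "gpg.program", "sequence.editor", "uploadpack.packobjectshook"}
# Named families that also carry commands: [diff "x"] textconv, [filter "x"] clean/smudge.
GIT_EXEC_PATTERNS = [re.compile(r"^diff\..+\.(textconv|command)$"),
                     re.compile(r"^filter\..+\.(clean|smudge|process)$"),
                     re.compile(r"^(difftool|mergetool)\..+\.cmd$")]
SECTION_RE = re.compile(r'^\s*\[([^\s"\]]+)(?:\s+"([^"]*)")?\]\s*$')
KV_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*?)\s*$")

def parse_git_config(text):
    """Flatten a .git/config into (dotted lowercase key, value) pairs."""
    entries, section = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip()[0] in ";#":
            continue
        m = SECTION_RE.match(line)
        if m:  # [core] -> "core"; [diff "img"] -> "diff.img"
            section = m.group(1).lower() + (f".{m.group(2)}" if m.group(2) else "")
            continue
        m = KV_RE.match(line)
        if m and section:
            entries.append((f"{section}.{m.group(1).lower()}", m.group(2)))
    return entries

def git_config_findings(text):
    out = []
    for key, value in parse_git_config(text):
        if key in GIT_EXEC_KEYS or any(p.match(key) for p in GIT_EXEC_PATTERNS):
            out.append(f".git/config {key} = {value}")
        elif key.startswith("alias.") and value.startswith("!"):  # "!cmd" aliases run a shell
            out.append(f".git/config {key} runs a shell command: {value}")
    return out

def json_findings(rel, data):
    """Report commands registered in agent/editor config under the assumed layouts."""
    out = []
    if rel.endswith(".claude/settings.json"):
        for event, matchers in (data.get("hooks") or {}).items():
            for m in matchers:
                for h in m.get("hooks", []):
                    if h.get("type") == "command":
                        out.append(f"{rel} hook {event}: {h.get('command')}")
    elif rel.endswith("mcp.json"):
        for name, cfg in (data.get("mcpServers") or {}).items():
            if "command" in cfg:
                out.append(f"{rel} server {name}: {cfg['command']} {' '.join(cfg.get('args', []))}")
    elif rel.endswith(".vscode/tasks.json"):
        for task in data.get("tasks", []):
            if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                out.append(f"{rel} task on folderOpen: {task.get('command')}")
    return out

WATCHED = (".claude/settings.json", ".mcp.json", ".cursor/mcp.json", ".vscode/tasks.json")

def scan_checkout(root):
    """Return findings for one checkout; an empty list means nothing is set to auto-run."""
    root, findings = Path(root), []
    cfg = root / ".git" / "config"
    if cfg.is_file():
        findings += git_config_findings(cfg.read_text())
    for rel in WATCHED:
        path = root / rel
        if path.is_file():
            try:
                findings += json_findings(rel, json.loads(path.read_text()))
            except ValueError:
                findings.append(f"{rel}: not valid JSON, inspect by hand")
    return findings

def build_sample_checkout():
    """Constructed sample (not a real payload): one checkout that plants commands four ways."""
    root = Path(tempfile.mkdtemp())
    files = {
        ".git/config": '[core]\n\tbare = false\n\tfsmonitor = .git/hooks/fsmon\n[diff "img"]\n\ttextconv = ./tools/conv.sh\n',
        ".claude/settings.json": json.dumps({"hooks": {"SessionStart": [{"hooks": [{"type": "command", "command": "sh .tooling/setup.sh"}]}]}}),
        ".mcp.json": json.dumps({"mcpServers": {"helper": {"command": "node", "args": ["vendor/mcp.js"]}}}),
        ".vscode/tasks.json": json.dumps({"tasks": [{"label": "deps", "type": "shell", "command": "sh scripts/deps.sh", "runOptions": {"runOn": "folderOpen"}}]}),
    }
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root

if __name__ == "__main__":
    for finding in scan_checkout(build_sample_checkout()):
        print(finding)
```

Run it against a fresh clone before opening the folder anywhere; a non-empty result is a reason to read the flagged file, not a verdict. The git-key list is deliberately the well-known executable keys rather than a complete one, so extend GIT_EXEC_KEYS for anything else your git version honours, and add to WATCHED whatever other project-level config your editors read.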

Dashlane discloses 2FA brute force, ~20 vaults stolen

Dashlane disclosed on June 2, 2026 that attackers spent a weekend rapidly guessing 2FA codes, breached roughly 20 customer accounts, and exfiltrated their encrypted password vaults (TechCrunch, 6/2/2026; Ars Technica, as covered by TheCyberSecHub, 6/3/2026). The vaults were encrypted, but the master passwords on the targeted accounts had been reused from other breaches, and the rate at which guesses against a 6-digit TOTP code were accepted left enough room for a weekend of spraying to land.

The lessons are old, and yet:

  • A 6-digit code is a space of one million values, so it is brute-forceable in a weekend whenever the verifier lets the attacker spray fast enough; the code was never the defense, the lockout in front of it was. The standard SMS or 6-digit TOTP threat model died in 2024.
  • Reused master passwords from prior breaches are the unlock. Dashlane's marketing line is "we never lost your master password": true, but the attackers didn't need it.
  • FIDO2 / hardware-key 2FA is the floor for password-manager accounts now; there is no code to guess, and the assertion is bound to the origin. Anything else and you're accepting the weekend brute force as a known risk.
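The arithmetic behind "brute-forceable in a weekend" is worth seeing in code. The block below is an added example, not Dashlane's code, and the page gives no detail of Dashlane's real verifier, so nothing here describes it. It implements RFC 6238 TOTP (HMAC-SHA1, 30-second steps), a verifier that accepts codes within one step of skew, and the same verifier with a consecutive-failure lockout, then sprays both with sequential guesses and computes the probability of success for a sustained spray. The demo uses the RFC 4226/6238 test secret at T=59; the "10 guesses per second for 48 hours" figure is an assumed rate, not a number from the disclosure.

```python
"""TOTP verification with and without a guess budget (RFC 6238, HMAC-SHA1, 30 s steps).
Added example for this dispatch; not Dashlane's code, and nothing here describes
Dashlane's real verifier, which the page does not detail. The point: a 6-digit code
is one million values, and only the verifier's throttle keeps an attacker from
walking that space."""
import hashlib
import hmac
import struct

STEP = 30
DIGITS = 6

def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter) to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, at):
    """RFC 6238 TOTP for Unix time `at`."""
    return hotp(secret, at // STEP)

class OtpVerifier:
    """Accepts codes within +/-skew steps of `now`. With max_failures set, an account locks
    after that many consecutive misses until unlock() is called (no automatic reset), and a
    (account, step) pair that already succeeded is never accepted a second time."""

    def __init__(self, secret, skew=1, max_failures=None):
        self.secret, self.skew, self.max_failures = secret, skew, max_failures
        self.failures, self.locked, self.used = {}, set(), set()

    def verify(self, account, code, now):
        if account in self.locked:
            return False
        if isinstance(code, str) and code.isascii() and len(code) == DIGITS:
            for step in range(-self.skew, self.skew + 1):
                counter = now // STEP + step
                if (account, counter) not in self.used and hmac.compare_digest(
                        hotp(self.secret, counter), code):
                    self.used.add((account, counter))
                    self.failures[account] = 0
                    return True
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.max_failures is not None and self.failures[account] >= self.max_failures:
            self.locked.add(account)
        return False

    def unlock(self, account):
        self.locked.discard(account)
        self.failures[account] = 0

def brute_force(verifier, account, now, budget):
    """Spray 000000, 000001, ... at one account; return the attempt number that
    succeeded, or None if the budget ran out or the account locked first."""
    for guess in range(budget):
        if verifier.verify(account, str(guess).zfill(DIGITS), now):
            return guess + 1
        if account in verifier.locked:
            return None
    return None

def success_probability(attempts, valid_codes=3, space=10 ** DIGITS):
    """Chance that `attempts` independent guesses hit one of `valid_codes` live codes
    (three live codes = current step plus one step of skew either side)."""
    return 1 - (1 - valid_codes / space) ** attempts

def weekend_attempts(rate_per_second, hours=48):
    """Assumed spray rate held for a weekend; the page gives no real figure."""
    return int(rate_per_second * hours * 3600)

# Constructed demo values: the RFC 4226/6238 test secret at T=59, where the live
# codes (steps 0..2 under skew=1) are 755224, 287082 and 359152.
DEMO_SECRET = b"12345678901234567890"
DEMO_TIME = 59

def demo():
    unthrottled = OtpVerifier(DEMO_SECRET)
    throttled = OtpVerifier(DEMO_SECRET, max_failures=5)
    return {
        "code_now": totp(DEMO_SECRET, DEMO_TIME),
        "unthrottled_attempts": brute_force(unthrottled, "victim", DEMO_TIME, 10 ** DIGITS),
        "throttled_attempts": brute_force(throttled, "victim", DEMO_TIME, 10 ** DIGITS),
        "p_weekend_at_10_per_s": round(success_probability(weekend_attempts(10)), 4),
        "p_five_guesses": success_probability(5),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unthrottled verifier falls to a sequential spray in a few hundred thousand guesses, and at an assumed 10 guesses per second the weekend budget of about 1.7 million attempts gives a better than 99% chance per account; the throttled verifier locks after five misses and the same weekend buys a one-in-sixty-thousand chance. A real deployment also needs the lockout keyed to the account rather than the source IP (the spray can come from anywhere) and a replay check like the `used` set, since a TOTP code is valid for the whole step.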

The Take

Three stories, one through-line: the threat model for "trusted" software is now permanently compromised.

Microsoft can't keep its own OSS clean. Cursor can't ship an AI editor without sandbox escapes. Dashlane couldn't stop a weekend of guessing against a 6-digit 2FA code. The asymmetry is that the attackers only have to find one of these, and the defenders have to keep all of them closed.

For a builder, the takeaway is uncomfortable: the days of "I trust this package because it's from a big vendor" are over. Treat every dependency — especially the ones from the AI-native toolchain — as compromised-by-default, pin versions aggressively, and put your password manager behind a hardware key.

Quick Summary

Microsoft pulled ~70 GitHub repos after the Miasma worm hit Azure, Claude Code, Gemini CLI, and VS Code — the second Microsoft OSS compromise in two months. Cursor patched CVE-2026-26268, a sandbox escape via .git/config writes, in version 2.5. Dashlane disclosed that 20 customer vaults were stolen after a weekend 2FA brute force on accounts with reused master passwords. "Trusted" software is no longer a defensible threat model.

