The June 2026 ThreatsDay Bulletin, published June 11 by Rescana, is an aggregated cyber threat digest. This analysis relies primarily on the Rescana ThreatsDay Bulletin as the aggregator source; independent verification of technical claims is limited to NVD for CVE-2026-49494 and The Hacker News for partially corroborated items. Several stories mentioned in the bulletin's headline — Smart TV Proxyware, 24-Year curl Bug, and AI Crime Forums — are not detailed in the available sources.

Key Takeaways
  • The Miasma toolkit, leaked on GitHub on June 10, 2026, is a modular framework for supply chain attacks targeting PyPI, npm, RubyGems, JFrog Artifactory, GitHub Actions, and AI coding tool configurations; over 304 components and 73 Microsoft GitHub repositories are confirmed impacted.
  • The vulnerability in the GitHub Action for Claude Code is patched in version 2.1.128, released by Anthropic on May 5, 2026; it allowed access to CI/CD environment variables via /proc/self/environ.
  • CVE-2026-49494, an integer underflow in the Comodo/Xcitium Inspect.sys driver, enables remote system crash via a single crafted IPv6 packet; CVSS v3.1: 7.5, fix expected 2026 Q3.
  • Phishing demonstrated against OpenClaw and Claude Code AI agents: AWS IAM credentials, database passwords, and SSH tokens exfiltrated via social engineering.
  • Cordyceps: a new class of CI/CD weakness exposing 300+ GitHub repositories; 507 private Meta repositories exposed via misconfigured Grafana instance; npm package 'ambar-src' amassed 50,000+ downloads in 3 days using 'download pumping' technique.
Key Stat: 304+ software components and 73 Microsoft GitHub repositories confirmed impacted by the Miasma/Hades campaign.

Miasma/Hades: Supply Chain Toolkit Goes Public

On June 10, 2026, the Miasma framework was published on GitHub through compromised developer accounts, in the repository "Miasma-Open-Source-Release." According to the primary source, this is not a single piece of malware but a modular, multi-stage toolkit that replaces traditional command-and-control with three independent channels based on GitHub commit search: "DontRevokeOrItGoesBoom" for personal access token exfiltration, "TheBeautifulSandsOfTime" for JavaScript payload delivery, and "firedalazer" for Python RCE backdoors.

The Python variant is dubbed Hades. Propagation occurs through credential compromise across multiple registries and AI coding tool configurations. The documented scale is significant: over 304 components and 73 Microsoft GitHub repositories confirmed impacted, per Rescana and The Hacker News. SafeDep, cited by both sources, characterized Miasma as "a complete toolkit for supply chain attacks that allows executing various attacks via stolen credentials against arbitrary or targeted packages on public registries."

The use of GitHub as a C2 platform makes malicious traffic indistinguishable from legitimate activity. Reliance on cryptographic string search in commits rather than dedicated servers reduces the network-based detection surface.

Claude Code: Vulnerability Patched in GitHub Action

Anthropic released version 2.1.128 of the GitHub Action for Claude Code on May 5, 2026, following responsible disclosure by Microsoft. The previous version contained a vulnerability allowing access to unsanitized environment variables through /proc/self/environ in the action runner context.

GitHub Actions run in CI/CD environments with access to secrets and cloud credentials. The ability to read the entire environment via a standard filesystem path represents a bypass of expected sandboxing. Version 2.1.128 has been released; the brief does not specify whether the vector is fully mitigated.
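An added example (not from the bulletin or from Anthropic's action) of what this exposure means for anyone launching tools inside a runner: on Linux, a process that unsets a variable still shows it in /proc/self/environ, so a secret has to be withheld when the child process is started. The variable name, token value and allowlist below are constructed assumptions.

```python
import os
import subprocess
import sys

# Constructed placeholder secret; the variable name is hypothetical.
SECRET_NAME = "DEMO_CLOUD_TOKEN"
SECRET_VALUE = "constructed-not-a-real-token"

# Names a tool step plausibly needs; an assumption to adapt per workflow.
ALLOWED = {"PATH", "HOME", "LANG", "LC_ALL", "TMPDIR", "SYSTEMROOT"}

# Child program: unset the secret in-process, then read the kernel's view.
CHILD = r"""
import os, sys
name = sys.argv[1]
os.environ.pop(name, None)           # in-process "scrub"
try:
    with open("/proc/self/environ", "rb") as fh:
        names = [e.split(b"=", 1)[0].decode() for e in fh.read().split(b"\0") if e]
except OSError:                      # no procfs (non-Linux): fall back
    names = list(os.environ)
print("LEAK" if name in names else "CLEAN")
"""

def allowlisted_env(parent_env):
    """Return a copy of parent_env containing only allowlisted names."""
    return {k: v for k, v in parent_env.items() if k in ALLOWED}

def run_child(env):
    """Start the child with exactly `env` and report what it could read."""
    out = subprocess.run([sys.executable, "-c", CHILD, SECRET_NAME],
                         env=env, capture_output=True, text=True, check=True)
    return out.stdout.strip()

def demo():
    parent = dict(os.environ, **{SECRET_NAME: SECRET_VALUE})
    inherited = run_child(parent)                  # secret inherited by child
    scrubbed = run_child(allowlisted_env(parent))  # secret never handed over
    return inherited, scrubbed

if __name__ == "__main__":
    print(demo())
```

The first result shows that removing the variable after startup does not change what procfs exposes; only the allowlisted launch keeps the secret out of the child.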

CVE-2026-49494: Comodo Firewall Crashes Before Filtering

The NVD record for CVE-2026-49494 documents an integer underflow in the Inspect.sys driver of Comodo Internet Security and Xcitium Client Security. The flaw resides in the IPv6 packet parser: a crafted packet with a manipulated length field triggers an out-of-bounds read causing a system blue screen, even when all ports are blocked by firewall rules.

Per NVD, the CVSS v3.1 score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), with a v4.0 rating of VA:H. Affected versions are Xcitium Client Security prior to 13.8.2.10019 and Comodo Internet Security up to 12.3.4.8162. The fix is expected in Q3 2026; the NVD record explicitly states it is "not being prioritized for NVD enrichment efforts."

The crash occurs before firewall rules are applied, rendering perimeter block configurations ineffective. The attacker requires no authentication or user interaction.

AI Agent Phishing: Demonstration Against OpenClaw and Claude Code

The bulletin reports a demonstrated phishing attack against autonomous AI agents: AWS IAM credentials, database passwords, and SSH tokens were exfiltrated via social engineering directed at OpenClaw ("Pinchy") and Claude Code. The brief documents this as demonstrated but with scope limited to specific agents, not as a generalized pattern.

SilabRAT, operated by an actor named "o1oo1," is a RAT-as-a-Service marketed at $5,000 monthly. According to Group-IB, cited by The Hacker News, the service offers Hidden Virtual Network Computing, browser profile cloning, and crypto wallet theft, distributed via the ClickFix/Hijack Loader chain. The operator's real identity is undetermined.

SStar Agent is a cross-platform RAT for Windows and macOS distributed via the npm package "tw-style-utils" and the GitHub repository "star45674/smart-contract-engineer-role." The lure uses a fake assessment for a Web3 role. Sources cited in the bulletin flag overlaps with operational patterns attributed to North Korea-linked groups, without definitive attribution confirmation.

Other Bulletin Items: Cordyceps, Meta, Tenable

The bulletin documents additional stories not detailed in the available primary sources. Cordyceps is a new class of CI/CD weakness exposing 300+ GitHub repositories to supply-chain attacks. 507 private Meta repositories were exposed via a misconfigured Grafana instance. The npm package "ambar-src" reached 50,000+ downloads in 3 days using a "download pumping" technique: publishing hundreds of benign versions before the malicious payload.
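A defender-side check for the release-burst half of that pattern, added here as an example and not taken from the bulletin: it reads the per-version `time` map of npm registry metadata and reports the largest number of versions published in any 24-hour window. The threshold, package names and sample metadata are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds; tune against your own registry baseline.
WINDOW = timedelta(hours=24)
MAX_VERSIONS_PER_WINDOW = 20

def publish_times(packument):
    """Extract per-version publish times from an npm packument 'time' map."""
    skip = {"created", "modified"}  # bookkeeping keys, not versions
    return sorted(
        datetime.fromisoformat(ts.replace("Z", "+00:00"))
        for ver, ts in packument.get("time", {}).items() if ver not in skip
    )

def peak_burst(times, window=WINDOW):
    """Largest number of versions published inside any sliding window."""
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def looks_pumped(packument):
    """True when the release rate exceeds the assumed threshold."""
    return peak_burst(publish_times(packument)) > MAX_VERSIONS_PER_WINDOW

def constructed_packument(name, start, count, gap_minutes):
    """Build sample metadata: `count` versions, `gap_minutes` apart."""
    t0 = datetime.fromisoformat(start)
    times = {"created": start, "modified": start}
    for i in range(count):
        times[f"1.0.{i}"] = (t0 + timedelta(minutes=i * gap_minutes)).isoformat()
    return {"name": name, "time": times}

# Constructed samples: a burst publisher and a package with weekly releases.
BURSTY = constructed_packument("example-bursty-pkg", "2026-06-01T00:00:00+00:00", 300, 5)
STEADY = constructed_packument("example-steady-pkg", "2026-01-01T00:00:00+00:00", 12, 7 * 24 * 60)

if __name__ == "__main__":
    for pkg in (BURSTY, STEADY):
        print(pkg["name"], peak_burst(publish_times(pkg)), looks_pumped(pkg))
```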

Ghost-Sender exploits Microsoft Exchange misconfigurations (Online/on-premises hybrid) to spoof any sender, bypassing SPF/DKIM/DMARC. According to InfoGuard Labs, cited by The Hacker News: "Using Exchange Online (or on-premises Exchange in hybrid mode) in combination with an external MX record, such as a third-party email server or spam protection solution, can allow the spoofing of emails from any sender to any recipient in the target tenant."

What Changes

The June 2026 ThreatsDay Bulletin documents a convergence: legitimate development tools and attack infrastructure now share the same surface, GitHub. Miasma uses commit search as C2; SStar Agent distributes malware via npm and repositories; Claude Code and AI agents become both targets and potential vectors. The code hosting platform has simultaneously become vector, target, and command channel.

The brief provides no specific operational mitigations; that limitation is inherited from the primary source and is stated here explicitly.

The source does not specify verified countermeasures for Miasma beyond awareness of the commit-based vector. For CVE-2026-49494, the source does not specify workarounds beyond awaiting the vendor fix. For AI agent phishing, the source does not specify mitigations beyond recognition of the demonstrated risk.

Information has been verified against cited sources and is current as of publication.

Sources and references
  1. rescana.com
  2. wiu.edu
  3. nvd.nist.gov
  4. thehackernews.com
  5. varonis.com