Supply chain malware: IronWorm and Miasma
Key Questions
What is IronWorm malware and its impact?
IronWorm is a new supply-chain malware that has compromised 57 projects across nine organizations, spreading in a manner similar to the Shai-Hulud and Miasma worms.
Which ecosystems are targeted by Miasma and IronWorm?
The malware targets developer ecosystems including Azure and PyPI, posing risks to CI/CD pipelines and open-source supply chains.
What guidance has been issued regarding these threats?
The UK NCSC has urged organizations to audit dependencies and implement stronger controls to mitigate self-spreading supply-chain attacks.
A new supply chain malware, IronWorm, has hit 57 projects across 9 organizations. Like Shai-Hulud and Miasma, it spreads rapidly. The Miasma worm continues to expand (Azure, PyPI). These attacks target developer ecosystems and CI/CD pipelines, posing significant risk to software supply chains.
Updated Jun 12, 2026