ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

A public release of the Miasma supply-chain attack toolkit (assessed as a variant of the Shai-Hulud worm) has been linked to credential theft affecting software ecosystems across PyPI, npm, RubyGems, JFrog Artifactory, GitHub repositories and GitHub Actions, with follow-on evolution toward a Python variant called Hades. The same roundup also highlights “Ghost-Sender” email spoofing risks in certain Microsoft Exchange configurations and “Pinchy” AI email-agent phishing weaknesses in OpenClaw that can trick agents into forwarding sensitive AWS IAM keys, database passwords, and SSH access. No specific CVE IDs were provided in the report, but the incidents matter because they target identities, build pipelines, and autonomous agent workflows where traditional defenses can lag.