Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines.

The incident occurred on June 5, and it was contained within just 105 seconds. The company told BleepingComputer that the repositories were removed due to concerns that they distributed “potential malicious content.”

Multiple researchers confirmed that the repos were pulled after a compromise during a Miasma/Shai-Hulud supply-chain campaign.

The OpenSourceMalware platform notes that the ‘durabletask’ – a repository in Microsoft’s Azure organization on GitHub, was compromised in May, indicating that an incomplete cleanup allowed the threat actor to return with a new compromise. However, this has not been confirmed.

Immediately after removing the repositories, a message was displayed explaining that the action was taken by the GitHub Staff “due to a violation of GitHub’s terms of service.”

A Microsoft representative responded to user concerns in a community discussion, stating that the repositories were disabled because of “an internal management issue” and that an investigation was underway.

The most significant immediate effect of this incident was disabling access to ‘Azure/functions-action,’ a GitHub Action used by many developers to deploy Azure Functions.

Workflows referencing it stopped working because there was nothing in the specified repository to resolve the action, causing an outage and confusion.

At the time of writing, though, all repositories have been restored and are considered clean and safe to use.

However, the OpenSourceMalware platform notes that the ‘durabletask’package on the Python Package Index (PyPI), had been compromised in May when the threat actor pushed three malicious versions (1.4.1, 1.4.2, 1.4.3).

In a statement for BleepingComputer, a Microsoft spokesperson explained that the company “temporarily removed some repositories as we investigated potential malicious content.”

While all repositories have been restored, Microsoft “notified a small number of customers who may have pulled down content from the affected repositories.”

“We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels,” a Microsoft spokesperson told us.

Security engineer Adnan Khan said that the June 5th incident affecting Microsoft repositories appeared to be part of the Miasma malware campaign that infected 32 of Red Hat’s npm packages.

In a report this week, software supply chain management company Cloudsmith concluded that Microsoft’s Azure environment on GitHub and the ‘durabletask’ repository were compromised via Miasma, which targeted AI coding tools (e.g., Claude Code, Gemini CLI, VS Code, Cursor).

The hacker pivoted from Red Hat’s npm packages to Microsoft’s resources on GitHub.

“The worm initially struck the @redhat-cloud-services npm namespace by compromising a Red Hat employee’s GitHub account. By pushing unreviewed orphan commits to internal repos, the threat actors injected a minimal workflow that requested GitHub’s OIDC tokens,” the researchers said.

Supply-chain attacks continue to target open-source ecosystems. Yesterday, application security company Socket reported that it spotted a new Shai-Hulud attack over the weekend that relied on a new delivery mechanism.

StepSecurity published a separate report focusing on a Shai-Hulud attack impacting Pythagora-io/gpt-pilot, a popular open-source AI developer tool with more than 33,700 GitHub stars and over 3,500 forks.

Software developers should consider locking their project dependencies, adding multi-day time delays to fetch new package updates, and testing new builds on isolated environments.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

The new Siri AI was the star of the show at Apple’s Worldwide Developer Conference (WWDC) this year, and while iOS 27 isn’t bringing major changes, it’s still got many small features that could improve everyday usage for iPhone users.

Here is a non-exhaustive list of features that Apple didn’t talk about on stage:

• iOS 27 now allows you to add full-screen widgets on the home screen, making it easier to scan news or your calendar.

• Users can now set separate volume levels for alarms, timers, alerts and system sounds. Users will need to navigate to Settings > Sounds & Haptics, turn off the “Match Ringtone Volume” toggle, and adjust sliders manually.
• Apple is making it easier to copy and paste text or images between apps. When you have text or a screenshot in your clipboard, you will get an option on the keyboard to paste it. This is similar to how you post one-time passcodes from Messages.

• The weather app is getting a design update: there’s a new highlights section that surfaces notable events in the upcoming days. Plus, you can now easily switch between Conditions, Precipitation, and Wind views.

• Users can now customize the Messages app to show either a voice recording or dictation button, or hide them entirely.

• Messages now offers a Drawing option, allowing you to sketch a note or a diagram and send it to others.

• The camera controls are getting an overhaul, with easy access to depth, grid, and level options.

• The emoji keyboard has a small scroll bar at the bottom.
• Timer has a new slider UI when you activate it from the control center.
• You can hide your location in Find My from a specific person for a set amount of time without letting them know.

A longevity startup has dosed its first patient with a drug to reverse age-related sight loss.

Life Biosciences is testing its ER-100 drug, which the company claims has restored vision in monkeys, for safety and side effects in a study of around 18 adults over the next year.

It will be targeting patients with glaucoma and NAION, two conditions that cause damage to crucial cells in the optic nerve, which transmits visual information from the back of the eye to the brain. ER-100 is designed to rejuvenate those cells so that they work again and restore sight.

It is the first-ever cellular rejuvenation therapy using this technology to receive FDA clearance to enter human clinical trials, and hence the first chance to test whether the technology can “ameliorate human disease,” according to Life Biosciences cofounder and professor of Genetics at Harvard Medical School, David Sinclair.

Aging biology—understanding how the body’s cells and functions deteriorate over time—is at the root of longevity science. ER-100 is the focus of major interest across biotech for its potential to reverse cellular aging. Life Biosciences, based in Boston, says it is developing applications for its technology to tackle a host of age-related diseases in a variety of organs, like fatty liver disease.

“Our research has suggested that aging is driven in large part by the loss of epigenetic information, not irreversible damage. This clinical study represents the first opportunity to test whether restoring that information can ameliorate human disease,” Sinclair said.

Just over a week ago, Meta’s AI-powered chat assistant unwittingly gave hackers access to thousands of Instagram accounts, including high-profile ones such as makeup retailer Sephora and the top noncommissioned officer of the US Space Force, as well as Barack Obama’s White House account.

The exact number was later revealed in a regulatory filing with the Maine attorney general’s office. The total stands at 20,225 compromised accounts (30 of whom were Maine residents).

The hack, reported by 404 Media last week, was easy to pull off against account holders who had not enabled two-factor authentication. Hackers simply asked the AI-powered bot to change the email address for a targeted account to their own. Once that was granted, the hackers requested a password reset, prompting the AI to send a code to their personal email address. After hackers verified the password reset, they were able to take control of the account. 

An edited step-by-step video of the process even appeared on X, showing how the hackers used a VPN to make it seem they were in the target’s location. At no point did the hackers even need the user’s email address or original password. 

In an incident notification letter to Maine Attorney General Aaron Frey, dated June 5, Meta acknowledged “a vulnerability in the AI-assisted account recovery system for Instagram … that was exploited by unauthorized third parties to perform password resets on Instagram user accounts.” 

After the exploit was made public, many Instagram users reported on Reddit and X that their accounts had been hacked, though the breadth of the hack wasn’t clear at the time. A Meta spokesperson posted on X that the exploit was fixed as of June 1, shortly after initial reports. 

How did AI let the hack happen? 

The problem is almost entirely due to Meta’s customer support now being run by AI. The tech giant made the switch back in March, saying it would enable “24/7 help for account issues like updating your password and settings for your profile.” 

But with the AI chatbot handling the whole process, humans couldn’t step in when suspicious activity began. That allowed hackers to carry out the social engineering-style attack and pull it off multiple times before anyone noticed.

Affected accounts were forcibly logged out for all users and email addresses were restored. Users were then told to reset their passwords and reauthenticate their logins. Meta says that once the accounts are secured, a second notice will be sent to remind people to turn on two-factor authentication to prevent future attacks. 

Meta has not yet responded to a request for comment. 

How to protect yourself from similar attacks

The social engineering exploit had one major limitation: It did not work on accounts with multifactor authentication. Those accounts either already had the code in their authentication app of choice or received it by text. Without the MFA setting, the one-time reset code appears to be sent to an email address of choice, thereby letting hackers just, well, have it. 

The best way to protect yourself is to enable multifactor authentication, which is available on all of Meta’s platforms. It won’t protect you 100% of the time, but it’s a lot better than a password by itself, and it would’ve protected against this particular exploit entirely. 

There are other things you can do to beef up account security, including using passkeys where available and a private email address to make your account credentials harder to find.

• Threat actor reused unrotated GitHub Actions secrets to compromise 73 Microsoft repos
• Miasma worm planted across Azure, microsoft, Azure‑Samples, and MicrosoftDocs orgs
• Microsoft pulled affected repos, notified impacted customers, and continues investigation

GitHub has disabled 73 of Microsoft’s repositories after a threat actor allegedly used credentials stolen a month ago to break in and plant an infostealer.

The news was confirmed by security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which revealed that in mid-May 2026, someone (most likely TeamPCP) used stolen Microsoft’s GitHub Actions secrets to publish malicious PyPI packages. While these were quickly yanked from the platform, it seems that Microsoft never rotated the secrets used in this attack.

Unlike most years, Apple’s WWDC 2026 carried more weight than usual, not just because it was Tim Cook’s final keynote as CEO, but also because it represented Apple’s chance at redemption after missing deadlines, mounting questions, and criticism about its ability to keep pace in the AI race. 

Fortunately, Apple answered many of those questions on June 8, 2026, unveiling an upgraded AI-powered Siri alongside a range of new Apple Intelligence features, while also raising a few fresh questions. WWDC was packed with announcements across six operating systems that underpin Apple’s ecosystem of devices. 

Here’s a quick roundup of everything that the company announced during its WWDC 2026 keynote. 

Apple WWDC 2026 at a glance

What’s new in iOS 27?

In line with the early rumors, iOS 27 is indeed a Snow Leopard-style software update that fixes all the underlying machinery.

Better day-to-day performance

The result is an update that feels faster and brings several quality-of-life improvements for iPhone users, including up to 30% faster app launches and up to 70% quicker photos loading times (after you’ve shot them), and, the most important one for me, up to 80% AirDrop transfers.

And it’s not like iOS 27 only focuses on the new or recent iPhone models. Even if you’ve been holding on to an older iPhone that supports iOS 27, a rebuilt CPU scheduler will make it feel genuinely more responsive in day-to-day use. 

Liquid Glass transparency slider

Addressing the legibility issues with Liquid Glass, Apple has added a new transparency slider that lets you dial it anywhere from ultra-clear to fully tinted. App icons have also been sharpened with additional refraction layers, and toolbars and sidebars (within apps) have been cleaned up for a more uniform look. 

Safari, Search, Health, and everything else

Apple’s Safari web browser adds topic-based tab organization and a built-in Notify Me feature (for product restocks and price drops).

System-wide Search has been rebuilt from scratch. It now comes with a new index that loads on update, delivering faster and more reliable results across apps like iOS, Mail, and Photos. Mail gets a new ranking system that surfaces more relevant results. 

Apple Maps gets an AI-powered Flyover that shows cities in a three-dimensional birds-eye view, with detailed and labeled environments including landmarks and buildings. The Passwords app now autonomously navigates to vulnerable sites and upgrades weak passwords.

The Health app gets perimenopause and menopause support for Cycle Tracking, with notifications for deviations. Apple Photos now offers a new slideshow maker, along with three new Apple Intelligence powered editing tools: Spatial Reframing (the one I’m most curious about), Extend, and upgraded Clean Up. 

You might have missed it, but Apple also announced a new way of creating Shortcuts. Instead of learning how to create them, you can simply describe a Shortcut in plain language, and iOS 27 will create one for you. That’s a win for most iPhone users I know, who never touched Shortcuts before. 

iCloud Shared Albums now support full-resolution sharing with Windows and Android users, while CarPlay gets video app support. 

I’ve been wanting a custom EQ for AirPods for longer than I care to admit, and iOS 27 finally delivers it, and with iOS 27, I’ve got that as well. The AirPods Pro 3 also get GymKit heart rate syncing through the iPhone. Apple’s Home app also gets consolidated notifications, powered by Apple Intelligence.

Child safety and parental controls

The European Union (EU) has been a major regulatory driver behind all the child safety and parental control announcements you’re seeing from different companies, and Apple’s new child safety and parental control features, including Ask to Browse, Communication Safety enhancements, and Declared Age Range API are built around protecting younger users.

With a child account enabled, users need explicit real-time parental permission before accessing a new website via Safari. Communication Safety now blocks graphic violence and gore in shared images and videos. Developers can request a child’s broad age bracket via the child account without asking for an exact birth date.

Other features include mandatory contact approvals, category-specific time allowances, Screen Time dashboard overhaul, and a simplified child account setup. 

iOS 27 compatibility and release timeline

Apple’s latest iPhone operating system doesn’t drop any old iPhones, including all the models in the iPhone 11 lineup. Apple Intelligence still required an iPhone 15 Pro or newer model, while the most advanced on-device AI features require the A19 Pro chipset (including the new Siri tone and updated dictation flows).

What is Siri AI and what can it do?

The old Siri, at least in my experience, wasn’t all that bad. It showed up and performed well for tasks like setting alarms, general knowledge questions, enabling/disabling location services, etc. 

But when Google’s Gemini and third-party assistants like ChatGPT, Perplexity, and Claude raised the bar, Siri started to feel like it was stuck in the slow lane.

Apple’s new Siri AI fixes that. Built on Apple’s Foundation Models and Google’s Gemini tech, the new AI assistant now operates at the operating system level. This means that Siri can now access your Messages, Mail, Photos, and the on-screen content, in real-time, without switching apps. 

WWDC 2026 demos showed Siri surfacing specific photos with filtered faces without opening the Photos app, building a multi-stop navigation route by identifying a beach arch from an on-screen photo, and pulling up something a contact mentioned in a week-old message.

Siri AI can also write, edit, and proofread your mails, messages, or notes (similar to Writing Tools). What I find more interesting is that the assistant can match the tone of the conversation, drafting messages to your manager differently than the ones to your friends or family.

There’s a new dedicated Siri app that stores your conversation history and syncs it across all your devices.

With all the fancy bells and whistles, Siri AI (beta, opt-in) launches in English this fall across all the operating systems except tvOS 27. While it remains free with a daily usage allowance, features relying on server processing, including image generation and others, will have daily limits, with higher limits for iCloud+ users. 

It’s worth noting here that Siri AI won’t be available in the EU on iOS and iPadOS, while it won’t be available in China entirely. 

What’s new in Apple Intelligence beyond Siri?

While Siri AI has already made many headlines, Apple Intelligence has received multiple upgrades this time, enough that it finally feels like a platform rather than a feature list. 

To begin with, Image Playground now generates photorealistic images alongside its existing illustration styles and supports more aspect ratios and platforms than it did with iOS 26. Genmoji has also been overhauled, creating faster and significantly more expressive emojis. 

For the first time, Visual Intelligence expands beyond the iPhone. iPads get it integrated into the screenshot experience, while Macs get a dedicated keyboard shortcut for selecting anything on the screen and sending it directly to Siri. Vision Pro users can now look at anything around them and ask Siri about it. 

The Camera on iPhone gets a new dedicated Siri mode that lets you tap the shutter button and ask questions about what you’re looking at; it’s Apple’s answer to Google’s Gemini Live. Using the feature, you can get nutritional information about your meal, split bills through Apple Cash, and identify real-world objects. 

Messages now offers one-tap suggestions based on conversation context. So, tasks like creating a reminder, setting a note, and taking an action are all possible without leaving the thread. Call Context now generates AI summaries of incoming calls before you decide whether to answer. 

Apple Intelligence is also doing meaningful work on accessibility. VoiceOver now offers richer descriptions of images, while users can press the Action Button to ask Siri about what the camera is seeing (with detailed responses no less). Voice Control lets you describe interface elements without memorizing exact names, while Accessibility Reader adds summarization and translation.

What does your iPad get with iPadOS 27 this fall?

iPadOS 26 sure made your iPad feel like a real computer, but I’d say it’s the iPadOS 27 that makes it feel like a polished one, thanks to all the meaningful productivity improvements across the board.

With iPadOS 27, you no longer have to swipe to access the Menu Bar; you can place it permanently on the screen. That’s a second or two saved every time you switch between apps. iPhone apps can also be resized when running on iPad, closing an awkward display gap for users whose favorite apps never got a proper iPad version.

External drive performance gets a significant boost and file browsing and transfers are up to 5x faster than iPadOS 26, putting iPad on par with Finder on Mac. 

Siri AI is now available on compatible iPads with full capability, along with Safari’s topic-based tab organization, Notify me, AI-powered editing features in the Photos apps, and full-resolution iCloud Shared Albums with Android and Windows users. 

iPadOS 27 compatibility and release timeline

Unlike iOS 27, iPadOS 27 drops support for several older iPad models, including the first-generation 11-inch iPad Pro, third-generation 12.9-inch iPad Pro, iPad Air 3, iPad mini 5, iPad 8, and earlier. If you’re rocking any of those, it’s time to think about an upgrade.

Developer beta is now available for iPad users, while public beta arrives in July. The stable build ships this fall. 

Claude responded: | Devices | iPadOS 27 | Apple Intelligence |

What is new for your Mac with macOS 27 Golden Gate?

This year’s Mac release is called macOS Golden Gate, which is a reference to the strait connecting San Francisco Bay to the Pacific Ocean, but also a symbolic threshold. macOS 27 entirely drops support for Intel-based Macs, closing the door on old architecture for good.

In terms of design, macOS Golden Gate gets its soul back with colored sidebar icons, edge-to-edge sidebars, and a uniform toolbar across apps. It also gets the Liquid Glass transparency slider. 

In terms of functionality, Apple’s latest macOS version brings Siri AI integration directly into Spotlight search, letting you start a rich, multi-turn conversation from anywhere on your desktop. Visual Intelligence comes to Mac for the first time, while control-clicking an image or file now surfaces Siri as a native option in the context menu. 

All the other iOS 27 performance changes apply to Mac, including faster app launches, faster Search, all the new Apple Intelligence features, and Siri AI. The most advanced on-device AI features require an M3 Mac or later with at least 12GB of unified memory.

macOS 27 also follows the same schedule as iOS 27 and iPadOS 27: developer beta is already available, public beta ships July, while the stable build arrives in September 2026. 

Everything else Apple announced at WWDC 2026

Apple also announced improvements for other operating systems, including watchOS 27, visionOS 27, and tvOS 27. 

watchOS 27’s new features require Watch Series 10 or newer

This is the part where Apple raises more questions than it answers. The latest watchOS 27 makes the biggest compatibility cut in the device’s history, and I mean that. If you own a Series 9, Series 10, Ultra 2, or SE 3, you’re in the clear.

However, if you want to access new Apple Intelligence features, you’ll require a Series 10 or newer, which is where the compatibility cut hurts the most. 

Supported Apple Watch models get a redesigned Dynamic App Grid with five Siri-suggested app shortcuts (on the home screen), a new tap gesture that opens the Smart Stack, and a Find My app that merges Find Devices, Find Items, and Find People into one. Siri AI also arrives on the smartwatch with full conversational capability. 

visionOS 27 gets Siri AI and Visual Intelligence

visionOS 27 gets Siri AI as a floating 3D orb (with a wave-like animation) that you can place and position anywhere in your virtual environment. You can just look at it and start talking to Siri, without speaking out the “Hey Siri” wake phrase. 

Visual Intelligence now works on physical objects in your immediate surroundings. Panoramas can be converted into full spatial environments for immersive personal use. While app windows get a subtle curvature for a natural spatial feel, Wi-Fi connections are up to 3x faster on the mixed reality headset. 

And yes, Siri AI is available on Vision Pro in the EU. 

What about tvOS 27?

tvOS 27 got the shortest shrift of any platform at WWDC 2026, but the version still gets a redesigned Podcasts app, smoother app launch animations, Hi-Res Lossless audio in Apple Music, faster AirPlay connectivity, and on-device HomeKit Secure Video processing. 

Two models don’t make the cut: the Apple TV HD from 2015 and the Apple TV 4K first generation from 2017. The new update requires Apple TV 4K second generation or later.

It’s worth mentioning that WWDC 2026 was Tim Cook’s last keynote as Apple’s CEO. He will step down from the position on August 31, 2026, after being there for 14 years, handing over the company to John Ternus on September 1, 2026. 

In a way, there couldn’t have been a more fitting farewell keynote for the executive, as it was truly where Apple redeemed its position as the side runner to one who is back in the lead in the on-device AI capabilities race.

Watch Queen’s Club Championships 2026 live streams, as Emma Raducanu, Alexandra Eala and Elena Rybakina headline the women’s action during the first week of the fortnight-long grass-court tournament from west London.

The biggest story of all, however, is Serena Williams’ comeback. The 23-time grand slam singles winner retired in 2022, but has accepted a doubles wildcard, for which the 44-year-old has teamed up with Canadian teenager Victoria Mboko, who’s in the midst of a breakthrough campaign in which she’s reached the world’s top 10.