cursor

On June 5, 2026, a self-replicating supply chain worm compromised 73 Microsoft GitHub repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs — targeting developers through AI coding tool configuration files. GitHub contained the attack in 105 seconds. The attacker had been active since mid-May.

Two vulnerability research disclosures from Adversa AI broke the same month and hit the same targets. SymJack uses symlink hijacking to plant malicious MCP servers across six AI coding agents. TrustFall bypasses trust dialogs entirely. Together, they make every developer machine a potential supply chain attack surface.