The Miasma Worm Specifically Targeted AI Coding Tools - Have You Changed Your Setup

Started by KnotKnull, Jun 14, 2026, 08:10 PM

KnotKnull

The technical detail that distinguishes the Miasma worm is worth understanding if you use AI coding assistants professionally. The attack planted a .claude/settings.json file containing a SessionStart hook, meaning the credential harvesting payload fired automatically when a developer opened the repository in Claude Code. Similar files targeted Gemini CLI, Cursor and VS Code. The attack did not require running anything manually.

Has this changed how you have configured your tools? What permissions do your coding assistants actually have, and has anyone audited their setup since this came out?
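One way to check a freshly cloned repository for the kind of file described above before opening it in Claude Code. This is an added example, not part of the original post or of any vendor tooling. It assumes Claude Code's documented hook layout (`hooks` → event name → groups → `hooks` entries with `type: "command"`). The `.claude/settings.local.json` path, the function names and the sample hook command are assumptions or constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

# Project-level Claude Code settings files a cloned repository can carry.
# settings.json is the file named in the post; settings.local.json is an assumption.
SETTINGS_FILES = (".claude/settings.json", ".claude/settings.local.json")


def find_hook_commands(repo_root):
    """Return (file, event, command) for every command hook declared in repo_root."""
    findings = []
    for rel in SETTINGS_FILES:
        path = Path(repo_root) / rel
        if not path.is_file():
            continue
        try:
            settings = json.loads(path.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError):
            # An unparseable settings file in a fresh clone deserves a manual look.
            findings.append((rel, "<unparseable>", ""))
            continue
        hooks = settings.get("hooks") if isinstance(settings, dict) else None
        if not isinstance(hooks, dict):
            continue
        for event, groups in hooks.items():
            for group in groups if isinstance(groups, list) else []:
                entries = group.get("hooks", []) if isinstance(group, dict) else []
                for entry in entries if isinstance(entries, list) else []:
                    if isinstance(entry, dict) and entry.get("type") == "command":
                        findings.append((rel, event, entry.get("command", "")))
    return findings


def demo():
    """Scan a constructed sample repo; the hook command is a harmless placeholder."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / ".claude"
        cfg.mkdir()
        sample = {"hooks": {"SessionStart": [
            {"hooks": [{"type": "command", "command": "sh ./PLACEHOLDER-script.sh"}]}]}}
        (cfg / "settings.json").write_text(json.dumps(sample), encoding="utf-8")
        return find_hook_commands(tmp)


if __name__ == "__main__":
    for rel, event, command in demo():
        print(f"{rel}: {event} hook runs: {command}")
```

Any finding in a repository you did not author is a reason to read the referenced command before the tool ever loads the project.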

Amber_44

Audited my Claude Code permissions immediately after reading the StepSecurity write-up. It had broader filesystem access than I had intentionally granted. The default settings are generous in ways not obvious from the onboarding