Dumpdump-Linked Breaches Surge; Miasma Worm Hits 73 Microsoft Repos
Summary
Today's threat landscape is defined by a surge in alleged data breach claims from the actor Dumpdump, who is responsible for over a dozen distinct incidents targeting organizations across Europe, Latin America, and Asia. Simultaneously, a self-replicating supply chain attack known as the Miasma worm has compromised 73 Microsoft GitHub repositories, signaling a significant escalation in software supply chain risk. Defenders should prioritize patching the actively exploited SolarWinds Serv-U flaw (CVE-2026-28318) and mitigating the Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20245), for which no patch is currently available.
Today's developments
The actor Dumpdump dominates today's reporting, claiming data breaches of, or sales of data from, over a dozen organizations. The alleged victims span multiple sectors and geographies, including the Japan Foundation (Japan, non-profit), Bergfex GmbH (Austria, information services), SM-Clinic (Russia, healthcare), Proximus Group (Belgium, telecom), and Andorra Telecom (Andorra, telecom). Other alleged targets include e-commerce platforms such as Wehkamp Retail Group (Netherlands), Mycarforum (Singapore), and Mredy.com (Iraq), as well as educational institutions such as the University of Latvia and Skola2030 (Latvia). The breadth of Dumpdump's claims suggests a broad, opportunistic targeting pattern rather than a focused campaign.
Separately, the actor BABAYO EROR SYSTEM continues to target Indonesian government entities, allegedly breaching BPJS Kesehatan (health insurance) and Kemendagri (Ministry of Home Affairs). Additional Indonesian government victims include Kota Palangkaraya, Kota Banjarmasin, and Kecamatan Parenggean, all allegedly claimed by actor KNOK666X. The concentration on Indonesian public sector systems remains a persistent concern.
In the financial sector, actor cabyc has allegedly posted multiple datasets targeting Indian banking institutions, including claims of 54.8 million banking records and 80,000 records from First Bank of India. These claims, if substantiated, represent a significant threat to Indian financial data security.
Industry reporting highlights two critical developments. First, the Miasma worm has impacted 73 Microsoft GitHub repositories across four organizations (Azure, Azure-Samples, Microsoft, and MicrosoftDocs), according to OpenSourceMalware. This self-replicating supply chain attack has prompted GitHub to disable access to those repositories. Second, CISA has added CVE-2026-28318 (SolarWinds Serv-U, CVSS 7.5) to its Known Exploited Vulnerabilities catalog, citing active exploitation. Separately, Cisco warns that CVE-2026-20245 affecting Catalyst SD-WAN Manager (CVSS 7.8) is under active exploitation with no patch available.
Threat landscape signals
Today's data reveals a pronounced concentration of activity against government and financial sectors in South and Southeast Asia. India and Indonesia account for 45 of the 221 tracked events, with actors like BABAYO EROR SYSTEM, KNOK666X, and cabyc driving much of that volume. The repeated targeting of Indonesian government agencies and Indian financial institutions suggests these actors may have established access or are systematically probing for vulnerabilities in these regions.
The Dumpdump actor's activity is notable for its geographic and sectoral diversity, hitting targets in over a dozen countries. This pattern may indicate a data broker or reseller aggregating and selling access, rather than a single ideologically motivated group. Defenders should monitor for Dumpdump-related indicators across all sectors, as the actor's targeting appears indiscriminate.
The Miasma worm incident underscores the growing risk of automated, self-replicating supply chain attacks. Organizations that use or depend on Microsoft's GitHub repositories should immediately audit their own repositories for unauthorized modifications and review access controls. The concurrent exploitation of the SolarWinds Serv-U and Cisco SD-WAN Manager vulnerabilities further emphasizes the need for rapid patch management, especially for internet-facing infrastructure.