Microsoft disabled at least 70 open-source GitHub repositories, many related to Azure cloud platform and AI development tools, after attackers compromised them to inject malicious code designed to steal developer credentials. The supply-chain attack affected projects including Claude Code, Gemini CLI, and VS Code extensions. Microsoft confirmed malware injection and notified a small number of affected customers who downloaded compromised code. This marks the second known GitHub compromise of Microsoft repositories within weeks.
- Hackers breached Microsoft's open-source tools on GitHub to stea(opens in a new tab)
- Hackers exploit Microsoft open-source software to steal AI devel(opens in a new tab)
- This Week In Security: Microsoft On Microsoft, Register Your Dom(opens in a new tab)
// Get alerts for Microsoft Azure