// Alert

GitHub threat report

Microsoft disabled dozens of GitHub repositories after discovering password-stealing malware injected into open-source projects. The compromised projects, primarily related to Azure and AI development tools, exposed user credentials. Attackers distributed the malware to steal developer passwords and sensitive information. Microsoft confirmed the incident and restored some repositories after review while others remained offline. This represents a supply-chain attack targeting widely used open-source projects.

// Get alerts for GitHub