Microsoft Open-Source GitHub Repos Hacked to Steal Credentials From AI Developers
Tags Security · OSS · Enterprise
Microsoft temporarily disabled at least 70 open-source GitHub repositories for Azure and AI coding tools after hackers injected password-stealing malware targeting users of Claude Code, Gemini CLI, and VS Code. Security firm Cloudsmith and community site OpenSourceMalware first flagged the hack. Microsoft spokesperson Ben Hope confirmed repos were 'temporarily removed' and 'some have been restored after review, while others may remain offline.' This is Microsoft's second known breach of open-source projects in weeks, following a mid-May 2026 hack of the Durable Task project, which OpenSourceMalware described as a 're-compromise.'
Technical significance
The compromise of 70+ Microsoft open-source repositories represents a significant supply chain attack targeting AI developers specifically. The fact that this is the second such breach in weeks suggests either persistent access by the same threat actor or systemic security gaps in Microsoft's open-source repository management. Developers who pulled packages from these repos during the compromise window may have had credentials stolen, potentially affecting downstream projects.