Microsoft has cut access to at least 70 of its own GitHub repositories after attackers slipped password-stealing malware into the code, the company confirmed to TechCrunch.
The catch is where the malware fires. Security firm Cloudsmith and the community site OpenSourceMalware found the credential theft triggers when a developer opens the compromised tools inside an AI coding app, such as Claude Code, Gemini's CLI or VS Code. Many of the affected projects relate to Azure and other developer tooling, so the blast radius runs straight through the machines that hold cloud keys.
It is rare for a company of Microsoft's size to be breached this way, and it is the second time in weeks. OpenSourceMalware describes the incident as a re-compromise of Durable Task, a Microsoft project hacked in mid-May, which suggests the attackers were never fully evicted the first time. Microsoft says it "temporarily removed some repositories" while it investigates, and has not said how many customers are affected.