Microsoft Open Source Projects Breached, Password-Stealing Malware Injected
Severity: High (Score: 64.5)
Sources: www.404media.co, Feeds.4Sysops, cloudsmith.com, Techcrunch
Keywords: microsoft, projects, hackers, breach, open, source, malware
Severity indicators: rce, breach, malware
Summary
Microsoft has disabled access to numerous open-source projects on GitHub after a supply chain attack that injected password-stealing malware into tools related to Azure and AI development. The malware targeted developers using these tools, exfiltrating sensitive credentials when they were accessed. Security firms Cloudsmith and OpenSourceMalware reported the breach, indicating that the scope of the attack is still being assessed. This incident follows a previous breach of Microsoft's Durable Task project, suggesting a potential re-compromise or ongoing vulnerability. The exact number of affected users remains unknown, but the incident highlights the increasing risk of supply chain attacks on widely used open-source software. Microsoft has confirmed the removal of the compromised repositories and is currently investigating the breach.

Key Points:
- Microsoft disabled access to multiple open-source projects due to a supply chain attack.
- Malware was injected to steal passwords from developers using compromised tools.
- This incident follows a recent breach of another Microsoft open-source project.
Detailed Analysis
**Impact**

Dozens of Microsoft open-source projects on GitHub, primarily related to Azure cloud services and AI development tools such as Claude Code, Gemini CLI, and VS Code, were compromised. The injected malware was designed to steal passwords and sensitive credentials from developers using these tools. The exact number of affected users is unknown. This breach poses risks to developers’ accounts and potentially to cloud environments and customer data accessed through compromised credentials.

**Technical Details**

The attack involved a supply chain compromise where malicious code was injected into Microsoft’s open-source repositories. The malware specifically targeted AI development tools to exfiltrate passwords and credentials. This incident is described as a “re-compromise” of the Durable Task project, indicating either incomplete remediation or a new breach. No specific CVEs, malware names, or infrastructure details were provided in the sources.

**Recommended Response**

Defenders should immediately revoke and rotate credentials potentially exposed through the compromised tools and audit access to Azure and related cloud services. Microsoft’s disabled repositories should not be used until fully verified and cleaned. Monitoring for unusual authentication attempts and credential exfiltration activity is advised. No specific patches or IOCs were provided; therefore, heightened vigilance on developer environments and supply chain integrity is critical.
Source articles (4)
- Microsoft’s open source tools were hacked to steal passwords of AI developers — Techcrunch · 2026-06-08
  Microsoft has cut off access to dozens of its open-source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code…
- Hackers breach Microsoft open source projects to inject credential stealing malware — Feeds.4Sysops · 2026-06-08
  Microsoft recently disabled access to dozens of open-source repositories on GitHub following a supply chain attack. The breach targeted projects primarily related to Azure cloud services and various A…
- Miasma Worms Path Of Destruction — cloudsmith.com · 2026-06-08
- Microsoft Hacked To Deliver Malware To Claude And Gemini Users — www.404media.co · 2026-06-08
Timeline
- 2026-06-08 — Microsoft disables access to open-source projects: Following a supply chain attack, Microsoft cut off access to numerous GitHub repositories to investigate the breach.
- 2026-06-08 — Malware injection reported: Hackers injected malware into tools related to Azure and AI development, targeting developers' credentials.
- Recent — Previous breach of Durable Task project noted: This incident is linked to a prior breach of Microsoft's Durable Task project, indicating potential ongoing vulnerabilities.
Related entities
- Supply Chain Attack (Attack Type)
- Microsoft (Company)
- Azure (Company)
- technica.in (Domain)
- T1041 - Exfiltration Over C2 Channel (Mitre Attack)
- T1195 - Supply Chain Compromise (Mitre Attack)
- Claude Code (Tool)
- VS Code (Tool)
- GitHub (Platform)