The breach, first brought to light by security firms Cloudsmith and OpenSourceMalware, highlights a critical vulnerability in the software ecosystem. By compromising repositories used for Azure and other cloud-based development, attackers gained the ability to harvest sensitive credentials from developers who downloaded the tainted code. Microsoft spokesperson Ben Hope confirmed that the company temporarily removed the affected repositories to conduct a thorough investigation, noting that some have been restored while others remain under review.
Microsoft Pulls Dozens of GitHub Projects After Malware Injection
Security researchers have identified a sophisticated supply chain attack targeting Microsoft’s open source repositories, leading the tech giant to disable access to at least 70 projects. Hackers successfully injected password-stealing malware into tools frequently utilized by developers working with AI interfaces like Claude Code and Gemini.

This incident marks the second time in recent weeks that Microsoft’s open source infrastructure has been targeted, with reports suggesting a potential re-compromise of the Durable Task project. While supply chain attacks against individual developers are increasingly common, this breach underscores the heightened risk faced by major tech corporations. Microsoft has begun notifying a small group of customers who may have interacted with the compromised content, though the company has yet to disclose the full scale of the exposure or the specific number of users impacted.