Microsoft disables dozens of GitHub repositories following open-source supply chain attack

Microsoft has disabled access to dozens of open-source code repositories hosted on GitHub, including critical tools for its Azure cloud service and various artificial intelligence coding applications. The action follows a security breach in which hackers injected password-stealing malware into the code of these projects. Security firms Cloudsmith and OpenSourceMalware identified the breach, reporting that the malware allowed attackers to steal user credentials when the compromised tools were opened in AI coding apps such as Claude Code, Gemini’s command line interface, and VS Code.

At least 70 projects belonging to Microsoft have been marked as disabled on the code-hosting platform, which Microsoft owns. A message displayed on the affected repository pages stated that access had been disabled by GitHub staff due to a violation of the site’s terms of service. Microsoft confirmed the repositories were pulled, a move first reported by 404 Media. A spokesperson for the software giant acknowledged receipt of inquiries but did not immediately provide further comment regarding the scope of the incident or the specific method used by the attackers.

The incident is classified as a supply chain attack, a tactic where hackers target widely used code to compromise a large number of users or gain access to cloud systems and customer data. While it is not uncommon for sole developers of open-source projects to be targeted, it is considered rare for large technology giants with significant defensive resources, such as Microsoft, to be breached in this manner. The exact number of users who downloaded the affected tools remains unknown.

This event marks Microsoft’s second known compromise of its open-source projects in recent weeks. In mid-May, security researchers reported that the Durable Task project, a tool assisting developers in building applications, had been hacked. OpenSourceMalware has suggested that the current incident may be a re-compromise of the Durable Task project, implying that Microsoft may not have fully eradicated the hackers in the first instance or that a distinct new breach has occurred.

Ars Technica reported on the earlier Durable Task breach, highlighting the recurring nature of these security failures. The latest disruption underscores the vulnerabilities inherent in the open-source ecosystem, where widely popular projects are frequently targeted to plant malware on users’ computers. As Microsoft investigates how the hackers breached its infrastructure, the industry remains focused on the implications for developers relying on these tools for cloud and artificial intelligence development.