Microsoft has cut off access to at least 70 of its open source projects hosted on GitHub after hackers apparently breached the repositories and injected malware designed to steal passwords and sensitive credentials from developers using popular AI coding tools including Claude Code, Gemini’s command line interface, and VS Code.
The affected projects are primarily connected to Microsoft’s Azure cloud services and developer tools used alongside AI applications. According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were among the first to identify the breach, the malware activated when users opened the compromised tools within their AI coding environments, allowing attackers to harvest passwords and other credentials stored on their machines.
At least 70 Microsoft projects on GitHub have been disabled. Users attempting to access the affected repository pages encounter a message stating that access has been disabled by GitHub staff due to a violation of GitHub’s terms of service. GitHub is owned by Microsoft.
Microsoft spokesperson Ben Hope confirmed the repositories had been taken down. “We have temporarily removed some repositories as we investigated potential malicious content,” Hope said. “Some of these repos have been restored after review, while others may remain offline while work continues.” Hope added that the company notified a small number of customers who may have downloaded content from the affected repositories and said Microsoft would reach out directly through established support channels if further action is required. The company did not disclose the specific number of customers affected.
The breach is the second known incident of this kind involving Microsoft’s open source projects in recent weeks. In mid-May, security researchers reported that Microsoft’s Durable Task project, a tool that helps developers build applications, had been compromised in a similar manner. OpenSourceMalware described the latest incident as a possible re-compromise of the same project, raising the question of whether Microsoft fully eradicated the attackers following the first breach or whether an entirely new intrusion has occurred.
The attack is an example of what security researchers call a supply chain attack, in which hackers target widely used code rather than individual systems, allowing them to reach a large number of users at once. Developers who work with Azure and AI tools often have access to cloud infrastructure and sensitive customer data, making them high-value targets. While supply chain attacks against individual open source maintainers have become increasingly common, it is unusual for a company of Microsoft’s scale and security resources to be compromised in this way, let alone twice within a matter of weeks.
The number of users who may have downloaded the affected code before the repositories were pulled has not been confirmed.
