Microsoft has disabled access to dozens of open-source projects hosted on GitHub following a cyberattack that injected password-stealing malware into developer tools.
The affected repositories include projects linked to Microsoft’s Azure cloud platform and software development tools used with AI coding applications such as Claude Code, Gemini CLI and Visual Studio Code.
Security researchers from Cloudsmith and OpenSourceMalware were among the first to identify the compromise. According to their findings, the malicious code was designed to steal passwords and sensitive credentials from users who downloaded or interacted with the affected projects.
Microsoft confirmed that it temporarily removed repositories while investigating the incident. Company spokesperson Ben Hope said some projects have since been restored, while others remain offline pending further review.
The company also said it had notified a small number of potentially affected customers and would continue contacting users if additional risks were identified.
More than 70 Microsoft-owned repositories were reportedly disabled on GitHub as part of the response. Security experts have described the incident as a supply chain attack, a type of cyberattack in which hackers compromise widely used software components to reach large numbers of users.
The breach follows another recent compromise involving Microsoft’s open-source Durable Task project, raising concerns about repeated targeting of the company’s developer ecosystem.
