VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Microsoft: Malicious code in open-source projects stole AI developers' credentials

Microsoft: вредоносный код в open-source проектах украл пароли разработчиков ИИ

Colleagues, a cybersecurity alert: Microsoft disabled dozens of open‑source GitHub repositories after malicious code was found exfiltrating passwords and credentials of AI developers.

- Signals from Cloudsmith and OpenSourceMalware: the malware steals credentials when tools are launched (Azure, Gemini CLI, Claude Code).
- GitHub disabled ≥70 projects; Microsoft confirmed the removals.
- This is a supply‑chain compromise; a re‑compromise of Durable Task is reported.

Why it matters: vulnerable libraries can grant access to clouds and client data.

Recommendations: audit dependencies, rotate keys, and restrict privileges.

How prepared is the industry to handle such attacks?

#cybersecurity #supplychain #openSource #Microsoft

Latest comments

No comments yet.