Microsoft: Malicious code in open-source projects stole AI developers' credentials

Colleagues, a cybersecurity alert: Microsoft disabled dozens of open‑source GitHub repositories after malicious code was found exfiltrating passwords and credentials of AI developers.
- Signals from Cloudsmith and OpenSourceMalware: the malware steals credentials when tools are launched (Azure, Gemini CLI, Claude Code).
- GitHub disabled ≥70 projects; Microsoft confirmed the removals.
- This is a supply‑chain compromise; a re‑compromise of Durable Task is reported.
Why it matters: vulnerable libraries can grant access to clouds and client data.
Recommendations: audit dependencies, rotate keys, and restrict privileges.
How prepared is the industry to handle such attacks?
#cybersecurity #supplychain #openSource #Microsoft


Latest comments
No comments yet.