Microsoft has taken dozens of open-source projects offline from GitHub. The action came after signs of a breach. Hackers may have accessed the repositories and inserted malware. The code appears designed to steal passwords and other sensitive data from developers using the tools.
Many affected repositories connect to Microsoft Azure. Others link to developer tools used in AI coding workflows. Some projects work with Claude Code, Gemini CLI, and Visual Studio Code. Developers depend on these tools for daily software work. The incident has raised concern across the coding community.
Security Researchers Flag the Threat
Security firm Cloudsmith and OpenSourceMalware first reported the issue. Their findings point to malware hidden inside trusted repositories. The code can trigger when users open the tools inside AI coding environments. Once active, it can collect login credentials and system data.
Researchers say the affected code blended into normal project files. Developers may not notice anything unusual at first. The malware then attempts to pull sensitive credentials from the system.
The number of downloads remains unknown. Microsoft has not shared how many users may be affected.
Microsoft Removes Affected Repositories
Microsoft confirmed it removed the repositories during the investigation. The move was first reported by 404 Media.
A Microsoft spokesperson, Ben Hope, said the company pulled several repositories after detecting possible malicious content.
Some repositories have since returned after review. Others remain offline while checks continue.
Customers Notified During Investigation
Microsoft has contacted a small group of users. These users may have downloaded affected files. The investigation is still active.
The company said it will send more alerts if needed. Any future updates will go through official support channels.
Microsoft did not share how many customers received notifications. TechCrunch also did not receive a figure from the company.
More Than 70 Projects Reportedly Disabled
GitHub pages for several Microsoft projects now show access blocks. Reports say more than 70 repositories are affected.
Users trying to open them see a notice. It states that GitHub staff disabled access due to a terms violation. GitHub has not shared full details about each repository.

Second Open-Source Security Incident in Weeks
Large companies rarely face open-source breaches of this scale. Smaller independent projects are more common targets. Attackers often build trust over time before inserting malicious code.
This is Microsoft’s second known incident in recent weeks. Ars Technica reported another breach in May involving the Durable Task project. That tool helps developers build and manage applications.
OpenSourceMalware believes the latest case may link to the earlier one. They describe it as a possible re-compromise. It could mean attackers kept access after the first breach. It could also point to a new intrusion. Investigators are still working on the cause and connection.






