Microsoft Nukes 70 of Its Own GitHub Repos After Hackers Steal AI Dev Passwords
Ah, the secure embrace of big tech. Just when everyone thought trendy vibe-coding setups were safe, we get a spectacular security faceplant from the very company that owns the playground. Who needs cyber defenses when deleting the code is an option?
The security team at Microsoft had to hit the panic button and yank at least 70 open-source repositories from GitHub. Cybercriminals managed to sneak password-stealing malware directly into tools that developers use every single day.
It turns out the compromised code was sitting in projects deeply linked to Microsoft Azure and popular AI coding environments like Claude Code, the Gemini command-line interface, and VS Code. Basically, if someone was trying to build the future of AI with a trendy prompt, they were also generously gifting their corporate credentials to anonymous internet bandits.
Security researchers at Cloudsmith and the OpenSourceMalware project spotted the campaign, which involved a nasty credential-stealing worm named "Miasma". Ben Hope, a spokesperson for the tech giant, confirmed they had to temporarily pull down multiple repositories to clean up the mess.
While some repositories have crawled back online after a thorough scrubbing, others remain completely dark. This is actually the second time in just a few weeks that Microsoft open-source projects got hit, following a similar compromise of their Durable Task framework in mid-May.
The deeper rabbit hole reveals that this mess is connected to a massive supply-chain attack. Hackers previously compromised 3,800 internal GitHub repositories using a fake version of the Nx Console extension for VS Code, alongside over 30 malicious npm packages mimicking Red Hat cloud services.
Securing the modern software supply chain has officially devolved into a high-stakes game of Whac-A-Mole. Trusting big-brand open-source tools is starting to look less like a smart shortcut and more like a collective hallucination where everyone hopes the malware lands on someone else's server first.
Source: TechCrunch