Hackers exploit Microsoft open-source software to steal AI developers' passwords

HIGHLIGHTS

Microsoft disabled dozens of GitHub repositories after a malware-related security incident.

Some affected projects were tied to Azure and AI developer tools, risking credential theft.

The company is investigating the breach and has alerted a small number of impacted users.

Microsoft has temporarily taken down dozens of its open-source projects from GitHub after discovering a security incident that may have exposed users to password-stealing malware. The move comes after researchers flagged suspicious code in several Microsoft-owned repositories, many of which are linked to Azure services and tools used by software developers working with AI coding platforms. The malware was reportedly capable of collecting passwords and other sensitive credentials from users who downloaded and opened the affected tools. While the full scale of the incident remains unclear, Microsoft has confirmed that it is investigating the matter and has already contacted a small number of potentially affected customers.

The incident first came to light through reports from security firm Cloudsmith and malware tracking platform OpenSourceMalware. Researchers said hackers appeared to have inserted malicious code into projects hosted on GitHub, the software hosting platform owned by Microsoft.

Several of the affected repositories are connected to Azure and developer tools that work alongside popular AI coding applications such as Claude Code, Gemini CLI and Visual Studio Code. According to researchers, users who downloaded and ran the compromised tools risked having passwords and other credentials stolen.

According to a report by 404 Media, Microsoft confirmed that it had temporarily removed a number of repositories while reviewing potentially harmful content. The company said some projects have already been restored after inspection, while others remain offline as the investigation continues.

A Microsoft spokesperson also told TechCrunch, ‘As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels.’

Reports suggest that at least 70 Microsoft repositories were disabled on GitHub during the response effort. Visitors attempting to access the projects were shown a notice stating that access had been disabled due to a violation of GitHub’s terms of service.

The breach has raised concerns about software supply chain attacks, in which hackers target trusted code projects to reach a larger group of users. Such attacks can have a wide impact because developers often use open source software as part of their daily work.

The latest incident also follows an earlier compromise involving Microsoft’s Durable Task project in May. Researchers believe the new case may be linked to that breach, though it remains unclear whether the attackers regained access or carried out a separate intrusion. Microsoft has not yet shared further technical details.

Bhaskar Sharma

Bhaskar is a senior copy editor at Digit India, where he simplifies complex tech topics across iOS, Android, macOS, Windows, and emerging consumer tech. His work has appeared in iGeeksBlog, GuidingTech, and other publications, and he previously served as an assistant editor at TechBloat and TechReloaded. A B.Tech graduate and full-time tech writer, he is known for clear, practical guides and explainers.
