Microsoft Open Source Projects Hacked, 70 Projects Disabled
2026-06-09 09:55

en.Wedoany.com Reported - Microsoft has cut off access to dozens of open-source projects hosted on GitHub and is investigating how hackers infiltrated these projects and injected password-stealing malware into the code.

Many of the affected projects are related to Microsoft's cloud service Azure and other application tools used for AI development, including Claude Code, Gemini Command Line Interface, and VS Code. Security firm Cloudsmith and the community-driven malware analysis website OpenSourceMalware were among the first to detect the hack. The malware allows hackers to steal passwords and other sensitive credentials when users open compromised tools in AI coding applications.

It is currently unclear how many people have downloaded the affected tools. Microsoft spokesperson Ben Hope told TechCrunch that the company "temporarily removed some repositories while investigating potential malicious content." He also mentioned that some repositories have been restored after review, while others may remain offline as the investigation continues. Microsoft has notified a small number of customers who may have pulled content from the affected repositories and will contact them directly through established support channels. Microsoft did not immediately provide the specific number of affected customers. According to messages displayed when attempting to access project pages on GitHub, at least 70 projects belonging to Microsoft have been disabled. The message states: "This repository has been disabled by GitHub staff due to a violation of GitHub's Terms of Service."

Screenshot showing a disabled GitHub repository. The notice reads: "This repository has been disabled. GitHub staff have disabled access to this repository due to a violation of GitHub's Terms of Service. If you are the owner of this repository, you can contact GitHub Support for more information."

This is the latest case in recent months where hackers have infiltrated open-source projects to implant malware. Such attacks are often referred to as "supply chain" attacks because they target code widely used in a large number of software products or by specific user groups, allowing hackers to gain access to cloud systems and large amounts of customer data through compromised code.

It is not uncommon for independent developers to be targeted by hackers, but it is relatively rare for a large tech giant like Microsoft, which has defensive resources, to be compromised. This is the second known attack in the past few weeks where Microsoft allowed hackers to infiltrate its open-source projects. In mid-May, security researchers stated that Microsoft's open-source project Durable Task was compromised. OpenSourceMalware noted that the latest Microsoft incident is a "re-infection" of the Durable Task project, suggesting that Microsoft may not have completely eradicated the hackers in the first attempt, or that this is a new, different intrusion.
