For the 2nd time in weeks, Microsoft packages laced with credential stealer
At least 70 projects were disabled after a worm injected code that stole passwords and cloud secrets from developers using AI coding tools.
- On Friday, Microsoft disabled 73 GitHub repositories after automated systems detected the Miasma worm injecting password-stealing malware into cryptographically verified open-source packages used by developers globally.
- Compromised contributor accounts allowed the Miasma worm to inject malicious code, specifically targeting cloud credentials, Kubernetes configurations, and over 90 developer tool settings when developers opened the affected code in AI agents.
- The incident represents a re-compromise of Durable Task, with security researchers linking the attack to cybercrime group TeamPCP, responsible for a similar breach last month affecting Red Hat packages.
- Rather than warning developers, GitHub disabled the repositories citing "a violation of GitHub's terms of service," leaving users to discover the security breach independently on their own.
- Microsoft continues promoting Enterprise Live Migrations to move customers onto GitHub, betting that its AI-native development tools outweigh the ongoing supply-chain risks despite these security challenges.
28 Articles
28 Articles
In a move aimed at bolstering security, Microsoft confirmed it temporarily removed some GitHub repositories after they were compromised. Microsoft restores some GitHub repositories and keeps others offline while the Miasma investigation continues. Microsoft confirmed on Monday that it temporarily removed some GitHub repositories in response to a recent security incident that compromised 73 of its open-source projects to inject code-stealing malw…
The incident marked the second successful attack on Microsoft's open-source tools in recent weeks. Microsoft temporarily blocked access to over 70 of its own open-source projects on the GitHub platform due to a supply chain hack. Attackers infected the codebase of Azure cloud tools and popular AI developer assistants with malware designed to steal passwords and confidential data, according to RBC-Ukraine, citing 404 Media. Hack mechanics The at…
TechCrunch
New Movies & TV Shows, Trailers & ReviewsMicrosoft's open source tools were hacked to steal passwords of AI developers
Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.
Microsoft's pitch to enterprises: Ditch Azure Repos for GitHub, despite its rocky reliability record
GitHub hasn’t had an easy year. The platform has been hit by repeated outages affecting core services — including the Actions-based CI/CD pipelines that engineering teams depend on daily — and has had to issue public apologies as a result. The scale of the problem is staggering: Where GitHub handled roughly 1 billion commits across the whole of 2025, it now processes 1.4 billion every month, with AI agents alone responsible for more than 17 mill…
Coverage Details
Bias Distribution
- 67% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
