Microsoft has temporarily taken several of its open-source projects offline from GitHub after discovering potentially malicious code in repositories used by developers. The affected projects reportedly include Azure-related tools and repositories connected to AI coding platforms such as Claude Code, Gemini CLI, and Visual Studio Code.
Security researchers warned that the malware could steal passwords and sensitive credentials when the repositories were opened in certain AI-assisted development environments. Microsoft said it removed the repositories as a precaution while investigating the incident and has already contacted some users who may have downloaded the compromised content. Reports suggest that around 70 Microsoft-owned projects were affected. The incident highlights the growing risk of software supply-chain attacks targeting trusted open-source software used by developers worldwide.
