Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft disabled at least 70 open-source projects on GitHub after hackers injected password-stealing malware into the code. The compromised projects included Azure tools and utilities for AI development apps like Claude Code and Gemini's CLI. Security firms Cloudsmith and OpenSourceMalware identified the malware, which steals user passwords and sensitive credentials when developers open the infected tools. Microsoft has not disclosed how many users downloaded the affected projects.

Mentioned entities