Scopeora News & Life

© 2026 Scopeora News & Life

Microsoft Investigates Security Breach in Open Source Projects

Microsoft has taken decisive action by disabling access to numerous open-source projects on GitHub as it delves into a security breach that has reportedly allowed hackers to infiltrate these projects....

Microsoft Investigates Security Breach in Open Source Projects

Microsoft has taken decisive action by disabling access to numerous open-source projects on GitHub as it delves into a security breach that has reportedly allowed hackers to infiltrate these projects. This incident has raised concerns, particularly among developers utilizing tools associated with Microsoft's Azure cloud services and AI development applications, including Claude Code, Gemini's command line interface, and Visual Studio Code.

According to findings from Cloudsmith, a cybersecurity firm, and the community-driven site OpenSourceMalware, the breach involved the introduction of malware that enabled hackers to extract passwords and sensitive credentials from users who engaged with the compromised tools.

The extent of the impact remains unclear, as Microsoft has not disclosed how many users may have downloaded the affected tools. A spokesperson for Microsoft confirmed the removal of the repositories, which has been met with a notification stating that access has been disabled due to violations of GitHub's terms of service.

At least 70 projects have been rendered inaccessible, highlighting the scale of the breach. Users attempting to access these pages are met with messages indicating that the repositories have been disabled by GitHub staff.

This incident is part of a broader trend where hackers target popular open-source projects to embed malware, a tactic known as a "supply chain" attack. Such breaches exploit code that is widely used across various software applications, making them particularly lucrative targets due to the potential access they provide to sensitive data and cloud systems.

While smaller developers often find themselves in the crosshairs of cybercriminals, it is less common for major technology corporations like Microsoft--who typically possess robust defenses against such threats--to experience breaches of this nature. This marks the second known incident in recent weeks involving Microsoft's open-source projects, with previous reports indicating that the Durable Task project, a tool designed to assist developers, was also compromised.

As Microsoft continues its investigation, the tech community watches closely, recognizing the implications of such vulnerabilities in open-source software. The company's response and the subsequent measures implemented may set a precedent for how large organizations address security issues in open-source projects moving forward.


Similar News