Microsoft’s GitHub Repos Were Hacked to Steal AI Developer Passwords


Hackers injected password-stealing malware into 73 Microsoft GitHub repos. The targets were AI coding tools that millions of developers use daily, not random repos. The attack was discovered on June 5, 2026, forcing Microsoft to cut access to repos across Azure, Azure-Samples, and MicrosoftDocs during its investigation. Here’s what happened, who’s at risk, and what to do if you pulled code from these repos.

What Actually Happened

The attack is part of a campaign security researchers call Miasma, also known as Shai-Hulud. It’s a software supply chain attack where hackers compromised widely used code that many products depend on, rather than targeting one company directly.

Hackers injected malware into Microsoft repos that triggers automatically when a developer opens the code in an AI coding tool or IDE (Integrated Development Environment), which is software developers use to write code. No manual execution is required. Opening the repo was enough to activate it.

Once triggered, the malware harvested secrets from developer workstations. It also attacked CI/CD (continuous integration and continuous deployment) environments, the automated pipelines where code gets built and tested. Stolen credentials were exfiltrated to public GitHub repositories, and the attackers retrieved them from there.

Microsoft cut access to all 73 repos on June 5. All have been restored and are considered clean after investigation.

The Tools Being Targeted

What makes this campaign different is who it targets. Miasma specifically aims at AI coding applications including Claude Code, Gemini CLI, VS Code, and Cursor.

AI coding tools have become standard in professional development over the past two years. Attackers adapted accordingly. These tools run with elevated permissions. They have deep access to local environments. That makes them attractive for credential harvesting.

Beyond the 73 Microsoft repos, the campaign compromised more than 23 additional packages. Some were AI-themed packages like langchain-core-mcp and openai-mcp. Others were typosquats: packages whose names closely resemble popular libraries, so that a developer who mistypes a name downloads the malicious package instead. Examples include rlask, rsquests, and tlask.

The campaign also re-compromised the durabletask Python package. TeamPCP hacked it first in mid-May 2026. Being hit twice in under a month is significant. It shows attackers actively probe this space.
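A dependency check for the package names listed above, written as an added example (it is not code from Microsoft or from the campaign's researchers). The `POPULAR` allowlist, the edit-distance threshold of 1, and the sample requirements text are assumptions made for illustration; the flagged names come from this article.

```python
import re

# Names the article lists as malicious (taken from the page).
NAMED_ON_PAGE = {"langchain-core-mcp", "openai-mcp", "rlask", "rsquests", "tlask"}
# Named as re-compromised; the page gives no affected versions, so flag for review only.
REVIEW = {"durabletask"}
# Assumption: a small allowlist of popular libraries to compare against; extend it.
POPULAR = {"flask", "requests", "numpy", "pandas", "django", "openai", "langchain-core"}

def normalize(name):
    # PEP 503 normalisation: case-insensitive, runs of "-", "_" and "." become "-".
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    # Levenshtein distance computed with a two-row dynamic programme.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text):
    # Yield the normalised package name of each requirement line.
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            yield normalize(m.group(0))

def audit(text):
    findings = []
    for name in parse_requirements(text):
        if name in NAMED_ON_PAGE:
            findings.append((name, "named in report"))
        elif name in REVIEW:
            findings.append((name, "review installed version"))
        elif name not in POPULAR:
            near = sorted(p for p in POPULAR if edit_distance(name, p) == 1)
            if near:
                findings.append((name, "possible typosquat of " + near[0]))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = "flask==3.0.0\nrsquests>=2.0\nOpenAI_MCP\ndurabletask\nrequest\n# tlask\nnumpy\n"
```

A distance-1 hit is only a prompt to look at the package, since some legitimate names sit one character away from a popular one.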

Microsoft’s Response

Microsoft spokesperson Ben Hope said:

“Our priority is to protect customers and the broader ecosystem. We temporarily removed some repos as we investigated malicious content. Some repos have been restored after review. Others may remain offline while work continues.”

The company notified a small number of customers who may have pulled content from affected repos, but it did not disclose how many users were impacted.

A Quick Timeline

The Miasma campaign built on an earlier breach and escalated quickly once it found its footing in Microsoft’s ecosystem:

  • May 2026: durabletask Python package first compromised by TeamPCP
  • June 5, 2026: 73 Microsoft repos infected and access cut by GitHub
  • June 8 to 9, 2026: Public reports surface
  • After investigation: All 73 repositories restored and verified clean

The incident played out in days. That is fast by enterprise security standards. But it was long enough to expose an unknown number of developers to credential theft.

What You Should Do Right Now

If you use affected AI coding tools, follow these steps.

For individual developers, check if you pulled code from Microsoft Azure, Azure-Samples, or MicrosoftDocs repos between June 1 and June 5. Rotate any credentials or API keys you used during that period. Update to the latest versions of Claude Code, VS Code, Cursor, and Gemini CLI.

For development teams, review your CI/CD pipeline for unauthorized access. Check GitHub activity logs for unexpected activity. Enable dependency monitoring tools if you haven’t already. Dependency scanning catches this attack before damage occurs.
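One way to carry out the first step for individual developers, as an added example that is not part of the original article: it walks a directory tree, finds local clones whose remote points at the Azure, Azure-Samples, or MicrosoftDocs organisations, and reports clone or pull entries in the reflog dated June 1 to June 5, 2026. Treating the window as UTC and reading only `.git/logs/HEAD` are assumptions of this sketch.

```python
import os, re
from datetime import datetime, timezone
# Organisations and dates are from the article; reading the window as UTC is an assumption.
AFFECTED_ORGS = {"azure", "azure-samples", "microsoftdocs"}
WINDOW_START = datetime(2026, 6, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 6, 6, tzinfo=timezone.utc)  # exclusive, so June 5 is included
REMOTE_RE = re.compile(r"url\s*=\s*(?:https://github\.com/|git@github\.com:|"
                       r"ssh://git@github\.com/)([^/\s]+)/([^/\s]+?)(?:\.git)?\s*$", re.M)
# Reflog line layout: "<old-sha> <new-sha> <name> <email> <unix-ts> <tz>\t<message>"
REFLOG_RE = re.compile(r"^[0-9a-f]+ [0-9a-f]+ .*> (\d+) [+-]\d{4}\t(.*)$")
NETWORK_OPS = ("clone:", "pull")  # HEAD reflog entries that brought remote content in

def _read(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

def affected_remotes(config_text):
    """Return org/repo for each remote in a .git/config that points at an affected org."""
    return [f"{org}/{repo}" for org, repo in REMOTE_RE.findall(config_text)
            if org.lower() in AFFECTED_ORGS]

def network_events_in_window(reflog_text):
    """Return (date, message) for clone/pull reflog entries inside the window."""
    hits = []
    for line in reflog_text.splitlines():
        m = REFLOG_RE.match(line)
        if not m:
            continue
        when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        if m.group(2).startswith(NETWORK_OPS) and WINDOW_START <= when < WINDOW_END:
            hits.append((when.date().isoformat(), m.group(2)))
    return hits

def scan(root):
    """Walk root and report clones of affected orgs that were cloned or pulled in the window."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # do not descend into the object store
        try:
            config = _read(os.path.join(dirpath, ".git", "config"))
            reflog = _read(os.path.join(dirpath, ".git", "logs", "HEAD"))
        except OSError:
            continue
        remotes, events = affected_remotes(config), network_events_in_window(reflog)
        if remotes and events:
            report[dirpath] = (remotes, events)
    return report
```

An empty result from `scan(os.path.expanduser("~"))` does not clear a machine: a bare `git fetch` is logged under `.git/logs/refs/remotes` rather than `logs/HEAD`, reflog entries expire, and deleted clones or downloaded archives leave no reflog at all.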

Why This Is Bigger Than One Breach

Supply chain attacks are becoming the preferred entry point for sophisticated threat actors because they scale. Compromising one popular package reaches thousands of developers simultaneously without requiring a phishing email.

The Miasma campaign adds a new dimension by focusing specifically on AI development tooling. As AI coding assistants become as standard as version control, they’re becoming as attractive a target. Developers who trust these tools implicitly are exactly the kind attackers want to exploit.

Microsoft contained this breach. But the fact that it happened across 73 repos, targeting tools central to modern development, signals where attacks are heading.

For developers, the risk is clear. If you use AI coding tools and pulled Microsoft repo code between June 1 and 5, rotate your credentials now.


