Microsoft Disables Dozens of GitHub Repos After Security Breach

Trojan horse.
Emily Hill
Contributing Writer

Microsoft has temporarily disabled more than 70 of its own GitHub repositories after discovering potentially malicious content linked to a broader software supply chain attack. The affected projects reportedly included Azure Functions repositories, Durable Task development tools, and several AI-related sample applications. This is one of the largest known instances of a major technology company taking down its own repositories as part of an active security investigation.

Security researchers say attackers inserted malicious files into at least one Microsoft-associated repository.

Those files were designed to exploit how modern AI-assisted development tools interact with codebases, potentially allowing attackers to harvest credentials from developers who opened the compromised repositories using tools such as Claude Code, Gemini CLI, Cursor, or Visual Studio Code.

Microsoft confirmed it removed repositories while investigating and later restored some after review.

Why It Matters: As coding agents gain access to repositories, configuration files, terminals, and credentials, attackers are increasingly targeting the software supply chain in ways that can affect developers and the organizations that rely on their tools and infrastructure. The case also raises questions about how quickly large technology companies can detect and contain compromises within open-source ecosystems that millions of developers trust.

  • Microsoft disabled an unusually large number of repositories in a short period: Reports showed that GitHub disabled 73 Microsoft repositories across multiple organizations in a matter of minutes. The affected projects reportedly included the entire Azure Functions organization, the Durable Task family of repositories, and several AI-focused sample applications.
  • The malware appears to have targeted users of AI coding assistants: Security researchers said attackers added malicious configuration files that could steal credentials when repositories were opened inside AI-enabled development environments. Unlike traditional malware that relies on users executing suspicious binaries, this attack allegedly leveraged workflows increasingly common among developers using AI tools.
  • The incident may be connected to previous compromises involving Durable Task: Researchers noted that the threat group TeamPCP had previously compromised Microsoft’s Durable Task project and published malicious package versions in May. TeamPCP has been linked to numerous software supply chain attacks throughout 2026 that affected hundreds of organizations, demonstrating how attackers continue to focus on trusted development infrastructure.
  • The shutdown likely disrupted developer workflows: Any GitHub Actions, automation pipelines, or software projects that depended on the disabled repositories would have been affected. Organizations using those repositories may have experienced build failures, deployment interruptions, or the need to audit dependencies while Microsoft conducted its investigation.
  • Questions remain about the full scope of the breach: Microsoft has not publicly disclosed all details surrounding the compromise, including exactly how many repositories were affected, how long malicious content was present, or how many users may have interacted with it. The company said it directly notified a small number of customers who may have downloaded content from affected repositories and continues to investigate.
  • The event underscores the growing importance of software supply chain security: As organizations increasingly depend on open-source components, cloud infrastructure, and AI-assisted development environments, a compromise in a trusted repository can quickly cascade across thousands of systems. Security teams are now being forced to monitor software packages themselves, as well as the AI tools that interact with them.
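
A defender-side check for the kind of configuration file described above, added here as an example and not taken from the article, Microsoft, or the researchers: it lists settings in a cloned repository that can make an editor or coding agent launch commands. The article does not name the malicious files, so the watched paths and key names are assumptions based on the tools' documented project-level configuration, and the sample repository is constructed.

```python
import json
import tempfile
from pathlib import Path

# Assumed watch list: documented project-level config paths for the tools the
# article names. The article does not say which files the attackers used.
WATCHED = [".vscode/tasks.json", ".vscode/settings.json", ".claude/settings.json",
           ".gemini/settings.json", ".cursor/mcp.json", ".mcp.json"]
EXEC_KEYS = {"command", "hooks", "mcpServers", "runOn"}  # keys that launch something

def walk(node, path=""):
    """Yield (json_path, key, value) for every key in a parsed JSON tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield f"{path}/{k}", k, v
            yield from walk(v, f"{path}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}/{i}")

def audit_repo(root):
    """Return (file, json_path, value) for settings that can launch commands."""
    findings = []
    for rel in WATCHED:
        f = Path(root) / rel
        if not f.is_file():
            continue
        try:
            doc = json.loads(f.read_text(encoding="utf-8"))
        except ValueError:  # JSON with comments or bad encoding: do not skip silently
            findings.append((rel, "", "unparseable: review by hand"))
            continue
        findings += [(rel, p, json.dumps(v)[:80]) for p, k, v in walk(doc) if k in EXEC_KEYS]
    return findings

def demo():
    """Constructed sample repo: one task set to run on folder open, one benign setting."""
    with tempfile.TemporaryDirectory() as d:
        vs = Path(d, ".vscode")
        vs.mkdir()
        task = {"label": "setup", "type": "shell", "command": "./setup.sh",
                "runOptions": {"runOn": "folderOpen"}}
        (vs / "tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [task]}))
        (vs / "settings.json").write_text('{"editor.tabSize": 2}')
        return audit_repo(d)

if __name__ == "__main__":
    for rel, jpath, value in demo():
        print(f"{rel}{jpath}: {value}")
```

A finding is a prompt for review before the repository is opened in a trusted workspace, not a verdict, since legitimate projects also ship build tasks.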

Go Deeper -> Microsoft Hacked to Deliver Malware to Claude and Gemini Users – 404 Media
