Microsoft shut down access to more than 70 GitHub repositories on Sunday after hackers injected password-stealing malware into open-source projects belonging to the company, including tools used with Claude Code, Gemini’s command-line interface, and Visual Studio Code. The malware, identified by security firm Cloudsmith under the name Miasma, activated when developers opened the compromised tools inside their AI coding environments, capturing user passwords and sensitive credentials. GitHub, which Microsoft owns, disabled the affected repositories with a standard terms-of-service violation message visible to anyone attempting to access them. Microsoft acknowledged pulling the repositories but had not issued a public statement on the scope by the time of the initial reports.
The incident becomes significantly more concerning when read alongside its predecessor: in mid-May, Microsoft’s open-source project Durable Task, a developer framework for building long-running applications, was also compromised by hackers delivering credential-stealing malware. Security researchers who tracked the June incident described it as a possible re-compromise of the Durable Task project, suggesting that Microsoft either did not fully eradicate the attackers in May or that a distinct, separate breach succeeded shortly afterward using similar techniques. Two supply chain attacks on the same company’s open-source infrastructure within approximately three weeks is what NewsTrackerToday picked up as the pattern that matters more than either individual incident.
Sophie Leclerc, who covers the technology sector, reads the architectural vulnerability precisely: “Supply chain attacks on open-source repositories have historically targeted solo maintainers or small teams who lack the security infrastructure to defend against sophisticated adversaries. What’s notable here is that Microsoft, a company with one of the largest corporate security teams in the world, was compromised not once but apparently twice in short succession. The attack vector for tools used specifically by AI developers is also deliberate. Developers building on Claude Code, Gemini’s CLI, and VS Code have elevated access to cloud systems and customer data compared to the average software developer. Credential theft from that population is disproportionately valuable to an attacker.”
The specific AI developer tooling targeted carries a secondary significance: Claude Code, Gemini’s CLI, and VS Code represent three of the most widely used interfaces for AI-assisted software development currently in production. Each generates significant token volumes, accesses API keys, and may interact with sensitive enterprise data. An attacker who successfully steals credentials from a developer using these tools gains not just that developer’s personal authentication data but potential access to the cloud resources, customer environments, and AI model API accounts those credentials control. The scale of potential downstream exposure is what NewsTrackerToday noted as the reason the target selection is not random.
Daniel Wu places the incident in a strategic context: “The concentration of AI developer tooling around a small number of platforms – GitHub, VS Code, the major cloud CLIs – creates a structural single-point-of-failure for the global AI development ecosystem. When state or state-adjacent actors target these platforms, they are not trying to steal one developer’s password. They are trying to compromise the supply chain of an industry that the world’s largest economies are racing to dominate. The pattern of targeting AI developer tools specifically has geopolitical logic that goes well beyond financial crime.” The total number of developers who downloaded the affected tools before the repositories were taken down is not yet known, which is what NewsTrackerToday zeroed in on as the open question with the highest potential impact on the incident’s actual scope.
The uncomfortable conclusion of the Microsoft GitHub incidents is not that supply chain attacks are novel. They are not. The uncomfortable conclusion is that a company with substantial security resources and a well-documented prior compromise in the same project category sustained what appears to be a second successful breach of similar or related infrastructure within three weeks. One incident is a security event. Two incidents in the same attack category on the same infrastructure in three weeks is a pattern, and what NewsTrackerToday connects to the broader supply-chain threat landscape is the question of whether Microsoft’s open-source security posture is adequate for an era when its tools have become the primary interface layer for AI-driven software development globally.
