Microsoft has suspended access to dozens of its open source projects on GitHub following a cyber-attack that injected password-stealing malware into the code. The affected tools, including those used for Azure and AI development apps like Claude Code and Gemini’s command line interface, have now been taken offline while an investigation proceeds.
Security experts at Cloudsmith flagged the breach, which allowed hackers to steal users' passwords when those users opened the compromised tools in their AI coding applications. While Microsoft confirmed it has pulled some repositories, others remain suspended as the company continues its probe.
This incident highlights the growing threat of supply chain attacks within open source communities. In recent months, similar breaches have targeted widely used projects to spread malware across a large user base. For developers relying on Microsoft’s tools, this serves as a stark reminder that no code is entirely safe from cyber threats.
During its investigation, Microsoft notified some customers who had downloaded the affected repositories but declined to disclose the total number of individuals impacted. GitHub has disabled at least 70 projects for violations of its terms of service, further emphasizing the severity of the breach.







