Microsoft Hacked to Deliver Malware to Claude and Gemini Users

Source: 404media Feed · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Fundamental Awareness, quick

Summary

On June 8, 2026, Microsoft took the unusual step of disabling over 70 of its own GitHub repositories, including those associated with Azure and AI coding agents, following a data breach. Cybersecurity researchers and Microsoft confirmed that hackers successfully planted malware within these repositories. This malicious software was designed to harvest user credentials when opened in AI coding tools such as Claude Code or Gemini CLI. The exact scope of the breach remains under investigation, but the immediate action by Microsoft highlights a significant security compromise targeting users of popular AI development environments.

Key takeaway

For AI security engineers and developers who use AI coding agents like Claude Code or Gemini CLI, this incident underscores the need for vigilance about software supply chain security. Verify the integrity of any code packages sourced from public repositories, even those from trusted vendors like Microsoft. Implement robust credential management practices and consider sandboxing development environments to mitigate risks from compromised dependencies. Proactively audit your development pipeline for unexpected changes or suspicious activity.

Key insights

Microsoft's GitHub repositories were compromised to deliver credential-stealing malware to AI coding agent users.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Software Engineer, Tech Journalist

Editorial summary, takeaway, and curation by AIssential. Original article published by 404media Feed.