Microsoft's Open Source Tools Hacked: Password-Stealing Malware Hits AI Developer Repos

Microsoft has pulled dozens of open source GitHub projects after hackers injected password-stealing malware, specifically targeting AI developers. At least 70 repos were disabled, many related to Azure, Claude Code, Gemini's CLI, and VS Code.
Attack Details
According to Cloudsmith and OpenSourceMalware, the malware steals stored credentials when users open compromised tools in AI coding apps. Affected repos include those for Microsoft's cloud services and AI development tooling. OpenSourceMalware identified this as a 're-compromise' of the Durable Task project, which was first breached in mid-May, suggesting the initial cleanup was incomplete or a distinct new attack occurred.
Microsoft's Response
Microsoft spokesperson Ben Hope stated: 'We have temporarily removed some repositories as we investigated potential malicious content. Some repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories.'
GitHub displays the message: 'Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service.'
Implications for Developers
If you pulled any Microsoft open source tools between mid-May and June 8, 2026, check the credentials stored in your AI development tools. Attackers could have accessed AI developer machines with privileged access to cloud systems and customer data. Consider rotating any passwords or tokens stored in those environments.
This incident is the latest in a series of supply chain attacks targeting popular open source projects. While rare for a large vendor like Microsoft, it underscores that no repository is immune.
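One way to find local clones that fall under the advice above, as an added example that is not from Microsoft, Cloudsmith or OpenSourceMalware. It assumes "mid-May" means 2026-05-15 and that the relevant GitHub organisations are `microsoft` and `Azure`. Neither assumption comes from the article, and file timestamps are only a heuristic for when a pull happened.

```python
import os
import re
from datetime import datetime, timezone

# Assumptions (not from the article): "mid-May" is taken as 2026-05-15, and the
# GitHub organisations to match are "microsoft" and "Azure".
WINDOW_START = datetime(2026, 5, 15, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 6, 8, 23, 59, 59, tzinfo=timezone.utc)
ORG_URL = re.compile(r"^\s*url\s*=\s*(\S*github\.com[:/](?:microsoft|azure)/\S+)",
                     re.IGNORECASE | re.MULTILINE)


def last_fetch_time(git_dir):
    """Best-effort time of the last fetch or pull. FETCH_HEAD is rewritten on
    every fetch; a clone never fetched again only has the config file that was
    written at clone time."""
    for name in ("FETCH_HEAD", "config"):
        path = os.path.join(git_dir, name)
        if os.path.isfile(path):
            return datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
    return None


def find_exposed_clones(root, start=WINDOW_START, end=WINDOW_END):
    """Return (worktree, remote_url, last_fetch, in_window) for every matching
    clone last fetched on or after `start`. Clones fetched after `end` are kept
    with in_window=False, because a later fetch does not rule out an earlier
    pull inside the window. Submodules and linked worktrees (where .git is a
    file, not a directory) are not inspected."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # do not descend into git internals
        git_dir = os.path.join(dirpath, ".git")
        try:
            with open(os.path.join(git_dir, "config"), encoding="utf-8",
                      errors="replace") as fh:
                match = ORG_URL.search(fh.read())
        except OSError:
            continue
        fetched = last_fetch_time(git_dir)
        if match and fetched and fetched >= start:
            hits.append((dirpath, match.group(1), fetched, fetched <= end))
    return sorted(hits)


if __name__ == "__main__":
    for path, url, fetched, in_window in find_exposed_clones(os.path.expanduser("~")):
        note = "fetched inside window" if in_window else "fetched after window"
        print(f"{fetched:%Y-%m-%d}  {path}  {url}  ({note})")
```

Any clone it lists is a candidate for the credential review and rotation described above; an empty result does not prove a machine was unaffected, since tools can also arrive through package managers or editor extensions.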