Microsoft Nukes 70+ Own GitHub Repos After Malware Attack
Hackers injected credential-stealing malware targeting AI coding agent users into Microsoft's own repositories.
Microsoft just torched more than 70 of its own GitHub repositories. The reason? Hackers managed to push malware into them designed to steal credentials from people using AI coding agents.
It's a remarkably unusual move. Microsoft — which owns GitHub — had to shut down its own repos to contain the threat. The attack specifically targeted users of AI-powered coding tools, exploiting the trust developers place in official Microsoft repositories.
The incident highlights a growing attack surface as AI coding assistants become standard developer tools. If hackers can poison the repos these agents pull from, they can compromise entire development workflows without touching the end user directly.
The takeaway is brutal: even first-party repos from the platform owner aren't safe. The supply chain attack vector just got a lot more uncomfortable for anyone leaning on AI agents to write code.