MalwareBleeping Computer
6.5 — HIGH
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A supply-chain campaign, likely Miasma/Shai-Hulud, compromised Microsoft's Azure and GitHub repositories, distributing password-stealing malware. The incident was contained within 105 seconds after the removal of 73 affected repositories.
⚙️Technical Details
Affected Systems
Microsoft's Azure organization on GitHubdurabletask repository in Microsoft's Azure organization on GitHub
Attack Vectors
Supply-chain campaign via Miasma/Shai-HuludCompromise of Red Hat's npm packages
💥Impact Assessment
Severity: High
Who Is at Risk
Software developers using affected repositories and customers who may have pulled down content from the affected repositories
🛡️Recommended Actions
1Lock project dependencies to prevent unauthorized updates
2Add multi-day time delays to fetch new package updates
3Test new builds on isolated environments
📦Affected Products
Azure FunctionsGemini CLIVS CodeCursor
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.