Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ShinyHunters: Cyber Criminal Group Attacks Learning Management System
May 15, 2026
The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which ...
- OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
May 15, 2026
OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no ...
- Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia
May 13, 2026
Electronics manufacturing giant Foxconn, which makes devices and components for Apple, Google, Nvidia, and Sony, among other tech giants, confirmed on Monday that it was hit by a cyberattack that may have affected some of its factories. In a statement sent to media outlets, Foxconn said that the cyberattack affected facilities in North America and that ...
- When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
May 13, 2026
Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving ...
- German Citizen Charged with Laundering Funds Linked to Prominent Darknet Marketplace “Dream Market”
May 13, 2026
Owe Martin Andresen, the suspected main administrator of Dream Market, one of the largest illicit darknet marketplaces before its 2019 shutdown, has been indicted for an alleged scheme to launder funds from Dream Market’s administrator accounts. Andresen was arrested last week in Germany on parallel charges brought by the German government. “Andresen allegedly channeled commissions earned ...
- Stolen Canvas data was “returned” after hacker agreement, Instructure says
May 12, 2026
The Instructure/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage. Millions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly. Which seems to have paid off. On the Instructure web page about the recent ...