Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Columbia University data breach hits 870,000 people
September 6, 2025
Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis. Columbia, one of the oldest Ivy League universities, discovered the breach ...
- CMS Sitecore patches critical zero-day flaw
September 5, 2025
Popular CMS platform Sitecore has patched a critical zero-day vulnerability found to be being abused in cyberattacks. Security researchers from Mandiant observed threat actors exploiting a zero-day flaw to deploy malware, as well as other legitimate software. The flaw stemmed from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is ...
- Range Rover and Jaguar drivers face lengthy repair delays after cyber attack crippled garages
September 4, 2025
More than a million Range Rover and Jaguar drivers could face huge delays in getting their motors repaired after a devastating cyber-attack crippled Jaguar Land Rover. Bosses at Jaguar Land Rover (JLR) were forced to scramble on Sunday, hastily shutting down global computer systems to protect sensitive information. Efforts are still ongoing to reboot the company’s ...
- Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack
September 3, 2025
The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as yet another company confirms losing sensitive data in the third-party attack. This time around, it is the American multinational cybersecurity company Palo Alto Networks that confirmed losing customer data and support cases information in the breach. It all began with the sales ...
- Google warns Gmail users to change passwords after data breach
September 3, 2025
Google is warning about 2.5 billion Gmail users to change their passwords or install a passkey following a data breach that has led to a surge in “phishing” email attacks. The data breach that prompted the warning reportedly happened at a Salesforce database that Google uses internally. The compromised information included basic business contact information such ...
- Cloudflare blocks another largest recorded DDoS attack – this time, peaking at 11.5 Tbps
September 3, 2025
Internet infrastructure provider and global cloud platform, Cloudflare, recently prevented a record-breaking Distributed Denial of Service (DDoS) attack from causing any damage. In a short announcement published on X, Cloudflare said its defenses “have been working overtime” over the past few weeks, autonomously blocking “hundreds of hyper-volumetric DDoS attacks.” Among them was an attack that reached ...