Microsoft's open source tools were hacked to steal passwords of AI developers
Points and comments are a snapshot, not live.
Article body wasn't reachable. The HN discussion summary is below.
Points and comments are a snapshot, not live.
Article body wasn't reachable. The HN discussion summary is below.
What commenters are saying
Commenters confirmed 73 disabled repositories across Azure, Microsoft, and Azure-Samples organizations, spanning Azure Functions, connectors, and durable task libraries. The malware reportedly spreads across all development platforms and infrastructure (developer machines, CI/CD runners, cloud services) and targets multiple package managers (NPM, Composer, Go, Pip). One commenter provided a mitigation tool and noted the kill switch is setting LANG to ru_RU.KOI8-R. Thread discussion shifted toward broader security concerns: Microsoft's failed 2023 CISA security review, weak corporate security culture, ubiquitous Secure Boot key control, and growing fragility of the software supply chain. Some commenters expressed alarm about dependencies in critical infrastructure.