Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware

Date:
Tue, 09 Jun 2026 14:20:00 +0000

Description:
Some repos are already restored.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Threat actor reused unrotated GitHub Actions secrets to compromise 73 Microsoft repos Miasma worm planted across Azure, microsoft, AzureSamples, and MicrosoftDocs orgs Microsoft
pulled affected repos, notified impacted customers, and continues investigation GitHub has disabled 73 of Microsoft s repositories after a threat actor allegedly used credentials stolen a month ago to break in and plant an infostealer .

The news was confirmed by security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware , which revealed that in mid-May
2026, someone (most likely TeamPCP) used stolen Microsofts GitHub Actions secrets to publish malicious PyPI packages. While these were quickly yanked from the platform, it seems that Microsoft never rotated the secrets used in this attack. Now, it would appear that the same threat actor used the same credentials to compromise 73 new repositories, spanning four GitHub organizations: Azure, Azure-Samples, microsoft, and MicrosoftDocs. The Azure org bore the brunt, losing 49 repos, essentially everything the Functions
team ships. Latest Videos From Watch full video here: Significant fallout The key difference is that this time it wasnt the Mini Shai-Hulud worm that was being distributed, but rather the Miasma worm, a spin-off that emerged after TeamPCP open-sourced Mini Shai-Hulud.

The researchers are saying that the practical fallout was quite significant, as some libraries run inside other peoples pipelines. For example, every workflow referencing Azure/functions-action@v1 stopped resolving. You may
like GitHub hit with another major attack Megalodon hits over 5,000 repos with malware-laden commits Mini Shai-Halud hackers publish over 600 compromised npm packages GitHub confirms breach thousands of internal repositories hit

Microsoft spokesperson Ben Hope told TechCrunch the company has temporarily removed some repositories as we investigated potential malicious content.

Some of these repos have been restored after review, while others may remain offline while work continues, Hope added. As part of our investigation, we notified a small number of customers who may have pulled down content from
the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels. Are you a pro? Subscribe
to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Microsoft could not say how many customers the incident affected, but it is safe to assume that it is in the tens of thousands, if not more. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



======================================================================
Link to news story: https://www.techradar.com/pro/security/microsoft-disables-over-70-github-repos -after-hackers-compromised-them-with-dangerous-malware


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)