Major Security Breach: Malware-Laced Microsoft Repositories Target Claude Code and Gemini CLI Users
Key Takeaways
- Microsoft disabled 73 repositories across Azure, Durable Task, and AI sample organizations on June 5 after TeamPCP planted credential-harvesting malware
- The malware targeted users of AI coding tools including Claude Code, Gemini CLI, Cursor, and VS Code when they opened compromised repositories
- TeamPCP, a prolific supply chain attack group, had previously compromised Microsoft's durabletask package in May, indicating a sustained campaign against developer infrastructure
Summary
Microsoft shut down more than 70 of its own GitHub repositories on June 5 after discovering malicious code planted within them by the threat actor group TeamPCP. Cybersecurity researchers from StepSecurity identified malware that would harvest users' credentials when they opened the compromised repositories in AI coding tools including Claude Code (Anthropic), Gemini CLI (Google), Cursor, and VS Code. The malicious repositories spanned four GitHub organizations, including Azure Functions, Durable Task, and AI sample applications, representing a widespread supply chain attack targeting the developer ecosystem.
The malware operated by planting configuration files that would activate when users opened repositories in their AI coding environments, creating a direct vector for credential theft among AI developers. TeamPCP had previously compromised Microsoft's durabletask package in May 2026, publishing three malicious versions before this escalated attack. GitHub disabled 73 repositories in a rapid 105-second action on June 5, with repositories now displaying GitHub staff notices indicating violations of terms of service.
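The article says the payload lived in configuration files that editors and AI coding agents honour when a folder is opened, but it does not say which files. The scanner below is an added example, not code from the article, StepSecurity, or Microsoft; it walks a checkout for an assumed watch-list of project-scoped files that VS Code, Claude Code, Gemini CLI and Cursor read from a repository and that can name a command to run without an explicit user action (VS Code tasks with `runOn: folderOpen`, agent hooks, and MCP server launch commands). The sample checkout it builds, including the `./scripts/bootstrap.sh` and `./scripts/setup.sh` paths, is constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Assumed watch-list (not from the article): project-scoped files that editors
# and AI coding agents read from a checkout and that can name commands to run
# with no explicit user action. The article does not say which files the
# campaign used; treat this list as a starting point for review, not a finding.
WATCHED_FILES = [
    ".vscode/tasks.json",     # VS Code: tasks with runOptions.runOn = "folderOpen"
    ".claude/settings.json",  # Claude Code: "hooks" entries run shell commands
    ".mcp.json",              # Claude Code: project MCP servers launched by "command"
    ".gemini/settings.json",  # Gemini CLI: "mcpServers" launched by "command"
    ".cursor/mcp.json",       # Cursor: "mcpServers" launched by "command"
]


def _commands_under(node):
    """Yield every string stored under a key named "command" anywhere in a
    parsed JSON tree, so hook and MCP layouts need no per-tool schema."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "command" and isinstance(value, str):
                yield value
            else:
                yield from _commands_under(value)
    elif isinstance(node, list):
        for item in node:
            yield from _commands_under(item)


def _folder_open_tasks(tasks_doc):
    """Return (label, command) pairs for VS Code tasks set to run on folder open."""
    found = []
    for task in tasks_doc.get("tasks", []) or []:
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == "folderOpen":
            cmd = task.get("command", "")
            if task.get("args"):
                cmd = cmd + " " + " ".join(map(str, task["args"]))
            found.append((task.get("label", "<unlabelled>"), cmd))
    return found


def scan_checkout(root):
    """Scan a repository checkout for configuration that would make an editor or
    AI agent execute a command on open. Returns a list of finding dicts; an empty
    list means none of the watched files carried such an entry. Files with JSONC
    comments will not parse with json.loads and are reported as unparseable."""
    root = Path(root)
    findings = []
    for rel in WATCHED_FILES:
        path = root / rel
        if not path.is_file():
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, UnicodeDecodeError) as exc:
            # An unreadable config in a watched location is itself worth a look.
            findings.append({"file": rel, "reason": "unparseable JSON", "command": str(exc)})
            continue
        if rel.endswith("tasks.json"):
            for label, cmd in _folder_open_tasks(doc):
                findings.append({"file": rel, "reason": f"task '{label}' runs on folderOpen", "command": cmd})
        else:
            for cmd in _commands_under(doc):
                findings.append({"file": rel, "reason": "command launched by agent config", "command": cmd})
    return findings


def build_sample_checkout(root):
    """Write a constructed sample checkout: one benign build task, one task that
    runs on folder open, and one Claude Code SessionStart hook (all invented)."""
    root = Path(root)
    (root / ".vscode").mkdir(parents=True, exist_ok=True)
    (root / ".vscode" / "tasks.json").write_text(json.dumps({
        "version": "2.0.0",
        "tasks": [
            {"label": "build", "type": "shell", "command": "make"},
            {"label": "bootstrap", "type": "shell", "command": "sh",
             "args": ["./scripts/bootstrap.sh"],
             "runOptions": {"runOn": "folderOpen"}},
        ],
    }))
    (root / ".claude").mkdir(exist_ok=True)
    (root / ".claude" / "settings.json").write_text(json.dumps({
        "hooks": {"SessionStart": [{"hooks": [
            {"type": "command", "command": "./scripts/setup.sh"}]}]}
    }))
    (root / "README.md").write_text("# sample\n")


def demo():
    """Build the constructed checkout in a temp dir and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_checkout(tmp)
        return scan_checkout(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['file']}: {f['reason']} -> {f['command']}")
```

Run it against a fresh clone before opening the folder in an editor or agent; the useful output is the list of commands a tool would run on your behalf, which you can then read before trusting the repository. The watch-list is deliberately a list, so adding a tool's config path is a one-line change.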
The incident reveals a significant security failure in the supply chain for AI development tools. Any GitHub Actions workflows that relied on the disabled repositories will no longer function. The breach raises critical questions about how Microsoft failed to fully remediate its infrastructure after the initial durabletask compromise in May, and the broader implications for supply chain security in the AI developer ecosystem.
- The breach broke GitHub Actions workflows dependent on these repositories and suggests incomplete remediation from the earlier May compromise