The bottom line: Microsoft tools in GitHub repositories were infected with an infostealer that exfiltrated AI tokens – affected customers have been notified.
Microsoft has notified a limited number of customers who downloaded infected GitHub repositories containing proprietary Microsoft tools. The affected packages were compromised with an infostealer designed to exfiltrate AI tokens and associated authentication artifacts.
Microsoft confirmed that multiple GitHub repositories were contaminated with malware payloads. The affected repositories contained Microsoft tools that implemented an infostealer module specifically targeting AI tokens and related authentication artifacts.
The company identified the compromised packages and notified the affected customers who had performed these downloads. According to Microsoft, a small number of customers have been affected by the infection.
For CISOs, this incident is relevant because it demonstrates that central sources like GitHub repositories for Microsoft tools can represent an attack vector. The specialized targeting of AI tokens highlights the security risk posed by generative AI infrastructure in enterprise environments. Organizations should verify whether corresponding tools from the affected timeframe were used in their own ecosystem and whether necessary remediation measures have been implemented.
Source: borncity.com · Published June 9, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.