A variant of the Shai-Hulud worm has infiltrated 73 Microsoft GitHub repositories, causing disruptions to CI/CD workflows. This attack, reported on June 5, involved an automated sweep that quickly disabled affected repositories, significantly impacting organizations globally. StepSecurity linked this incident to a previous compromise of official Microsoft packages on PyPI, raising concerns about credential security.
The worm primarily targets AI coding tools, planting malicious configuration files to harvest credentials without triggering security alerts. Experts recommend that organizations that accessed compromised repositories urgently rotate credentials, audit their packages, and enhance security measures to prevent further breaches.