Microsoft pulls 73 GitHub repos after malware

Show Notes

A supply chain attack targeting developer tools forced Microsoft to remove dozens of GitHub repositories, highlighting a shift in where real risk now sits. This episode breaks down how attackers are moving closer to credentials through trusted workflows, and why AI development environments are becoming a high value target. For security and IT leaders, the implication is direct. Developer machines, repositories, and third party access paths now function as part of your identity perimeter. At the same time, passkeys are exposing operational gaps around recovery, and new research shows overreliance on AI can quietly degrade decision making across teams. We also cover a third party access lawsuit with cross client impact, shifts in AI economics, and growing geopolitical pressure on AI partnerships. Learn more at https://crestvale.io

Transcript

SPEAKER_00 0:00

A single poisoned repo can now hand over your cloud access without a phishing email in sight. And the tools your developers trust most are becoming the cleanest entry point attackers have. This is the Crestvale Newsroom Daily Podcast. Microsoft just pulled 73 GitHub repositories after credential stealing malware spread through projects tied to Azure and common AI development workflows. No breach of Microsoft systems. No zero day. This is about trust. Attackers seeded malicious code into repos developers were likely to clone and run. Open the project in tools like VS Code or newer AI coding environments, and the infection path is almost invisible. From there, tokens, credentials, and access to cloud environments can be exposed quickly. This is a supply chain attack aimed at the modern DevStack. It targets how work actually gets done, and that is the shift. The attack surface is no longer just your production systems. It is the path developers take to get there. These environments sit close to secrets. API keys, cloud tokens, service credentials. Once those are exposed, lateral movement into real infrastructure becomes straightforward. What stands out here is the method. There is no single exploit to patch. The attackers abused normal workflows and maintainer trust. That makes this harder to detect and much easier to scale. And it is not isolated. This fits a pattern. AI tooling is pulling more capability into local environments. That means more power and more risk on developer machines. Here is why this matters. Your developers' tools are now a primary security boundary. If you are not treating every repository, dependency, and local AI tool as a potential entry point, you are leaving a gap right where your most privileged access lives. That means tightening token scope, rotating credentials more aggressively, auditing what gets pulled into local environments, and putting guardrails around what those tools can access by default. If you trust the repo, you are trusting everything behind it. Now pass keys are winning on security, but they are hitting a very practical wall. The objection is simple. What happens when the phone disappears? Passkeys remove shared secrets. That is a real improvement. There is nothing sitting on a server that can be stolen and reused. Phishing largely goes away. But the risk shifts. It concentrates on the device. A stolen device becomes the main threat. That is easier to detect and revoke than silent credential theft. But it forces teams to solve something they have not fully designed for. Recovery, revocation, backup access. Right now, that is where deployments stall. Users do not have clear paths when they lose a device. Operators do not have consistent models for emergency access or delegation. So the technology is ready. The operations are not. If you are rolling out pass keys, you need to treat lifecycle design as part of the security model, not an afterthought, because the failure mode shows up at the worst possible moment. Meanwhile, a lawsuit against a cybersecurity provider is exposing a different kind of failure. Shared remote access credentials reused across multiple clients. Even after those credentials were known to be compromised. That turns one breach into many. According to the filing, attackers got in and reached domain controllers. At that point, control of the network is effectively lost. From there, the rest is cleanup. And the basics were missing. Admin credentials stored in plain text. This is not an advanced attack story. It is a fundamental story. Third-party access is part of your identity perimeter. If a vendor uses weak controls, you inherit them. That means per tenant credentials, strong logging requirements, network segmentation, and verification of backups, not assumptions. If you do not enforce those, you are extending trust without control. And one more shift worth paying attention to. MIT is warning that heavy reliance on AI tools can erode human judgment over time. The issue is not just accuracy, it is dependency. As people rely on AI to summarize and decide what is true, they do less of the underlying evaluation themselves. That skill fades, and AI systems often present answers with high confidence, even when wrong. In an enterprise setting, that compounds risk quietly. If employees treat AI outputs as final answers instead of inputs to verify, you are scaling decision errors across the organization. The control here is not technical, it is workflow design, require verification, encourage multiple sources, make it normal to challenge outputs. Otherwise, the failure mode is not a bad answer. It is a degraded ability to notice one. Here is what else is worth knowing today. Meta is unwinding a $2 billion AI deal under pressure from Beijing. That is a reminder that AI partnerships now carry geopolitical risk that can break data flows overnight. Nvidia says AI compute still costs more than human labor. That frames automation as a spend problem first, and a governance problem as usage grows faster than controls. A UK school shut down operations after a cyber incident. Even simple attacks can halt operations when identity and continuity planning are weak. And a new cyber training program is simulating full-scale identity-driven breaches. If your team is not practicing against realistic lateral movement, you are preparing for the wrong scenario. Before we close out, here is a quick look at where markets landed. Equities finished higher, with both SPY and QQQ moving up together, signaling a broadly positive close. The tenure yield also moved higher, continuing the recent upward pressure in rates. In commodities and digital assets, gold pushed higher while oil pulled back. Bitcoin declined and closed lower on the session. Here is the takeaway. Treat developer environments and third party access as production identity surfaces, not support functions. Tomorrow we are watching how organizations start to lock down developer tooling and AI environments without slowing down engineering velocity. If this was useful, follow the Crestvale Newsroom Daily Podcast so you don't miss it. Thanks for listening.