to the durabletask repository. That attack planted configuration files that would harvest peoples' credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote.


Microsoft Hacked to Deliver Malware to Claude and Gemini Users
https://www.404media.co/microsoft-hacked-to-deliver-malware-to-claude-and-gemini-users/