Microsoft confirms they were hacked by Lapsus$ extortion group
Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code. [...]
Source code reveals how software works, helping security teams identify vulnerabilities, exposed secrets, and unsafe logic before attackers can exploit them.
Search across headline titles and summaries.
Background for this topic.
Source code is the human-readable text programmers write in a language such as Python, Java, or C before it is compiled or interpreted into a running program. It defines the program’s logic, data handling, and interactions with operating systems, networks, and other services. Source code may include application code, scripts, and configuration that controls software behavior.
In security, exposed or improperly protected repositories can disclose credentials, private keys, internal endpoints, or details that help attackers find exploitable flaws. Vulnerabilities may also enter through unsafe coding patterns, outdated dependencies, or malicious changes to code and build pipelines. Defenses include least-privilege repository access, secret scanning, peer review, static analysis, dependency and software-composition checks, and integrity controls for releases. Preserving commit history and build provenance helps investigators determine what changed and whether delivered software matches reviewed source.
Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code. [...]
The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server. [...]
Microsoft says they are investigating claims that the Lapsus$ data extortion hacking group breached their internal Azure DevOps source code repositories and stolen data. [...]
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine. [...]