TeamPCP adds Malware to Multiple Microsoft-Linked GitHub Projects

TeamPCP has leveraged a compromised GitHub account to inject malicious code into at least 42 repositories and 236 branches across the Azure, Azure-Samples and Microsoft GitHub organizations. They were published between 02:36 and 03:22 UTC on 5 June 2026. As of 14:00 UTC on 5 June the malicious code is only present in the GitHub repositories and has not been pushed to any other distribution channels.