AIArs Technicaabout 4 hours ago

Microsoft packages hit by credential stealer again

1 min read

Dozens of cryptographically verified Microsoft open source packages were compromised to add credential-stealing code triggered when developers opened them in AI coding agents. GitHub disabled 73 flagged packages for violating terms of service. The incident is the second supply-chain attack in as many months to breach an official Microsoft repository account.

Level

Hype check

Tap to vote and see what everyone thinks.

#microsoft #supply-chain #security

Read full story

More to chew on!

AIabout 3 hours ago

Microsoft open source tools hacked to steal passwords

AIabout 6 hours ago

Microsoft shuts 70+ repos after malware targets AI agents

Devabout 2 hours ago