For the 2nd time in weeks, Microsoft packages laced with credential stealer

Software Development, Security, DevOps & Infrastructure(arstechnica.com)view on HackerNews

credential-stealingsoftware developmentsecuritydevopsgithubmicrosoftopen-sourcepackageshackingmalwaremiasmateampcp

Author: cdrnsf

Date: 6/8/2026

Article Summary:

Microsoft's official GitHub repository was compromised, allowing a credential-stealing code to be added to dozens of open-source packages, which were then used to infect developer machines.