Microsoft’s open-source packages hit again by stealthy credential theft attacks
A fresh supply-chain attack compromised dozens of Microsoft’s cryptographically verified open-source packages, embedding advanced credential-stealing code. Developers using AI coding assistants were at risk, prompting urgent warnings to assume systems may be compromised.