For the 2nd time in weeks, Microsoft packages laced with credential stealer★ 72
Ars Technica AI·4 hours ago·Incident
Ars Technica reports a second Microsoft-package security incident in weeks, involving 73 packages laced with a credential stealer. The supplied summary says the malware runs as soon as the packages are opened by an AI agent and can self-replicate. The case highlights a growing software supply-chain risk: AI agents that inspect or operate on code may become execution triggers for malicious packages.
