Microsoft Developer Packages Laced With Credential Stealer for Second Time in Weeks
Summary
Ars Technica reports that Microsoft developer packages have been found laced with credential-stealing malware for the second time in weeks, signaling a persistent multi-wave campaign against Microsoft's open-source package ecosystem. The pattern follows the May durabletask PyPI compromise (TeamPCP) and the early June Red Hat npm Miasma escalation, both distinct incidents from today's report. Across these incidents the consistent targets are cloud tokens, CI/CD secrets, SSH keys, and developer credentials. AI toolchain packages on npm and PyPI remain a high-value attack surface given their widespread use in automated build pipelines.
Originally reported by arstechnica.com
Original headline: Microsoft Developer Packages Laced With Credential Stealer for Second Time in Weeks