For the 2nd time in weeks, Microsoft packages laced with credential stealer
Summary
Ars Technica reports a second supply-chain attack in weeks where 73 Microsoft packages were found to contain credential-stealing code, activated when developers used AI coding agents. The incident, linked to the Miasma worm and the Mini Shai-Hulud toolkit, exploited GitHub and cloud credentials, bypassing traditional detections and demonstrating the attacker’s use of legitimate workflows. Authorities urge immediate credential rotation and thorough investigation for anyone who touched the affected packages.