Late last week, dozens of open source packages from Microsoft were compromised to include credential-stealing code that activated when developers opened them in AI coding agents. Researchers identified 73 packages as malicious, which were subsequently flagged and disabled by automated systems on GitHub. GitHub stated that the packages were disabled due to a violation of its terms of service, without explicitly noting their malicious nature. Microsoft later acknowledged the potential infection of the packages, stating in an email that some repositories had been temporarily removed while they investigated the situation.
✓ AI-Debiased Article
Microsoft Open Source Packages Compromised with Credential-Stealing Code
Microsoft's open source packages were compromised with credential-stealing code, affecting 73 packages that were flagged by GitHub's automated systems. The company has acknowledged the issue and is investigating the malicious content.
Companies
Microsoft
Annotating as
No note attached
on this article.
Original vs. Neutral
Original Headline
For the 2nd time in weeks, Microsoft packages laced with credential stealer
Neutral Headline
Microsoft Open Source Packages Compromised with Credential-Stealing Code
