{"id":9486,"date":"2026-06-09T12:01:21","date_gmt":"2026-06-09T12:01:21","guid":{"rendered":"https:\/\/news.theck1.no\/?p=9486"},"modified":"2026-06-09T12:01:21","modified_gmt":"2026-06-09T12:01:21","slug":"for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer","status":"publish","type":"post","link":"https:\/\/news.theck1.no\/?p=9486","title":{"rendered":"For the 2nd time in weeks, Microsoft packages laced with credential stealer"},"content":{"rendered":"
\n
\n Dan Goodin
\n <\/strong>
\n •
\nJune 8, 2026\n<\/div>\n\n

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents.<\/p>\n

In all, multiple<\/a> researchers said<\/a>, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they are malicious\u2014and that developers who used AI agents to work with them should assume their systems are compromised\u2014the Microsoft-owned GitHub said it disabled the packages \u201cdue to a violation of GitHub’s terms of service.\u201d The text went on to encourage the package owner to contact GitHub.<\/p>\n

Devs: Assume compromise and proceed accordingly<\/h2>\n

It wasn\u2019t until Monday that Microsoft even raised the possibility the packages were infected. In an email, the company stated: \u201cWe have temporarily removed some repositories as we investigate potential malicious content.\u201d<\/p>\n

Read full article<\/a><\/p>\n

Comments<\/a><\/p>\n

Read the full article →<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Dan Goodin • June 8, 2026 Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on<\/p>\n

READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-9486","post","type-post","status-publish","format-standard","hentry","category-artificial-intelligence"],"_links":{"self":[{"href":"https:\/\/news.theck1.no\/index.php?rest_route=\/wp\/v2\/posts\/9486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/news.theck1.no\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.theck1.no\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news.theck1.no\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news.theck1.no\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9486"}],"version-history":[{"count":0,"href":"https:\/\/news.theck1.no\/index.php?rest_route=\/wp\/v2\/posts\/9486\/revisions"}],"wp:attachment":[{"href":"https:\/\/news.theck1.no\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.theck1.no\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.theck1.no\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}