For the 2nd time in weeks, Microsoft packages laced with credential stealer
5 hours ago
- #supply-chain-attack
- #credential-theft
- #Microsoft-packages
- 73 verified open-source Microsoft packages were compromised with credential-stealing malware.
- The malware, tracked as Miasma, steals credentials from AWS, Azure, GCP, and other tools.
- Attack linked to TeamPCP uses stolen OIDC tokens to bypass build pipelines and spread laterally.
- This is the second recent supply-chain attack breaching Microsoft's official repository accounts.
- GitHub initially cited terms violations, delaying explicit malware warnings to developers.