logo

For the 2nd time in weeks, Microsoft packages laced with credential stealer

ID: 15611232-dbc3-59c2-9742-f8261387023c

STIX ID: report--15611232-dbc3-59c2-9742-f8261387023c

Feed Name: Ars Technica Security (category)

Threat Score
90/100

Date Published: 2026-06-08

Date Updated: 2026-06-08

Author: Dan Goodin

...
...

Dozens of Microsoft-owned open-source packages on GitHub were compromised to deliver Miasma, a credential‑stealing malware that harvests OIDC tokens and credentials for AWS, Azure, GCP, Kubernetes, password managers and many developer tools, then spreads laterally; 73 packages were flagged and the activity has been linked to threat actor TeamPCP, with Microsoft temporarily removing affected repositories while investigating.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.