Microsoft's open source packages were compromised last week, adding advanced credential-stealing code that activated when developers interacted with them using AI coding agents. A total of 73 packages were flagged as malicious by GitHub's automated systems. While GitHub initially cited a violation of terms for disabling the packages, it was not until later that Microsoft acknowledged the attack, linked to the threat actor TeamPCP. The malware, known as Miasma, exploits the trust model of the engineering ecosystem rather than software vulnerabilities, allowing it to execute a payload that steals credentials from various platforms and spreads through cloud infrastructures.
CybersecurityOpen SourceSupply Chain Attack+1
CybersecurityOpen SourceSupply Chain AttackMalware
Microsoft Faces Second Credential Stealing Attack on Open Source Packages
Ars Technica AI· Dan Goodin· Tuesday, June 9, 2026
More Articles From This Day
Generative AIAI Agents+2
Generative AIAI AgentsOpenAIProduct Launch
OpenAI Announces Major Overhaul of ChatGPT to Transform It into a Revenue-Generating Superapp
OpenAI is set to implement the most significant transformation of ChatGPT since its inception, aiming to evolve the chatbot into a 'superapp' that integrates coding tools and AI agents. This initiative is part of a strategic reorganization aimed at attracting business customers and increasing revenue, as the company prepares for a potential public listing this year. Current and former employees indicate that the overhaul is a response to increasing competition from rival Anthropic and reflects OpenAI's focus on growth opportunities within the $850 billion AI market.