---
title: "ars Technica: For the 2nd time in weeks, Microsoft packages laced with credential stealer"
description: "Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents.\n\n"
canonical_url: "https://cloudsmith.com/company/press/for-the-2nd-time-in-weeks-microsoft-packages-laced-with-credential-stealer"
last_updated: "2026-06-09"
---
# ars Technica: For the 2nd time in weeks, Microsoft packages laced with credential stealer
