arstechnica.com/security/202...

yet another unsurprising turn of events given the landscape at the moment:
“Dozens of cryptographically verified open source packages from Microsoft were compromised… to add advanced credential-stealing code… triggered when developers opened them in AI coding agents.”
73 packages run self-replicating stealer as soon as they're opened by an AI agent.