Tag
For the second time in weeks, Microsoft's verified open-source packages were compromised with credential-stealing malware, affecting 73 packages on GitHub. The attack, linked to threat actor TeamPCP, uses stolen OIDC tokens and spreads laterally through cloud infrastructures.