For the 2nd time in weeks, Microsoft packages laced with credential stealer
…This was followed by a malicious build being published with valid SLSA provenance, which ultimately led to conventional scanners seeing it as a routine trusted update. By stealing legitimate maintainer credentials, the…