laced

For the 2nd time in weeks, Microsoft packages laced with credential stealer

by Dan Goodin
June 8, 2026
I.T. Today
3 min read

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, multiple researchers said,…

Android apps laced with North Korean spyware found in Google Play

by Dan Goodin
March 12, 2025
I.T. Today
2 min read

Researchers have discovered multiple Android apps, some that were available in Google Play after passing the company’s security vetting, that surreptitiously uploaded sensitive user information to spies working for the North Korean government. Samples of…