Microsoft package repositories have again been found hosting malicious packages containing credential-stealing malware that activates when opened by AI agents, with 73 packages identified as part of the ongoing threat.