Bleeping Computer

Microsoft's Azure SDK site tricked into listing fake package

Additionally, one of the users pointed out that a GitHub commit was pushed by the "azure-sdk" bot and added the alexbirsantest package to the CSV file supposedly used for populating the Microsoft ...
ZDNet

Malicious npm packages target Azure developers to steal personal data

According to researchers Andrey Polkovnychenko and Shachar Menashe, the repositories were first detected on March 21 and steadily grew from roughly 50 malicious npm packages to over 200 in a matter of ...