Researcher adds his fake package to Microsoft Azure SDK releases list


A security researcher was able to add a counterfeit test package to the official list of Microsoft Azure SDK latest releases. The simple trick if abused by an attacker can give off the impression that their malicious package is part of the Azure SDK suite. New package added to Azure SDK releases page This month security researcher Alex Birsan demonstrated how anyone could add their own package to the list of official Azure SDK Latest Releases. As of a few days ago, the Azure SDK releases page showed the authentic Microsoft Azure SDK releases alongside the mysterious package alexbirsantest.

https://www.bleepingcomputer.com/news/security/researcher-adds-his-fake-package-to-microsoft-azure-sdk-releases-list/