Cryptopolitan on MSN

9 malicious NuGet package caught hiding, set to detonate in 2027–2028

Two years ago, an account with the name "shanhai666" uploaded nine malicious NuGet packages. This launched a complicated ...

Cybercrims plant destructive time bomb malware in industrial .NET extensions

Sharp7Extend was programmed differently in that it does not have a delayed fuse. Downloaded more than 2,000 times according to Socket, the extension's malicious code is activated immediately upon ...
CSOonline

Malicious package campaign on NuGet abuses MSBuild integrations

Attackers are exploiting for the first time a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository. Attackers are constantly coming up with ...

Industrial computing systems at risk from "time bombs " in malicious NuGet packages

According to Socket, the packages targeted all three major database providers used in .NET applications - SQL Server, PostgreSQL, and SQLite, adding that the ...