Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...

Malicious StripeApi.Net package on NuGet mimicked Stripe.net, logged 180,000 downloads, and stole Stripe API tokens before removal.

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...

A baker's dozen of packages hosted on the NuGet repository for .NET software developers are actually malicious Trojan components that will compromise the installation system and download ...

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. The embedded malicious ...

Attackers are exploiting for the first time a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository. Attackers are constantly coming up with ...

With new dev tooling security vulnerabilities publicized regularly, Microsoft's new .NET 9 Preview 6 addresses the problem in one specific area: NuGet packages used for sharing code libraries, tools ...

Researchers have identified a popular open source package that may be hiding industrial espionage malware. "SqzrFramework480" is a .NET dynamic link library (DLL) that seems to pertain to Bozhon ...

Socket found nine NuGet packages with delayed sabotage targeting industrial control systems Sharp7Extend can corrupt Siemens S7 PLCs and randomly crash host processes Malicious code activates in ...

You can ensure your project has all its NuGet packages when you do a build. First, go to Tools | NuGet Package Manager | Package Manager Settings to display the ...