#nuget

[ follow ]
#net #supply-chain-attack #industrial-automation #sponsorship #open-source-funding #net-ecosystem #supply-chain
Information security
fromTheregister
1 week ago

Crims plant time bomb malware in industrial .NET extensions

Malicious NuGet packages published in 2023 contained small destructive payloads hidden in benign code, scheduled to trigger between 2027–2028, including attacks on industrial PLCs.
Software development
fromInfoQ
2 weeks ago

New NuGet.org Sponsorship Feature Enables Developers to Support Package Authors

NuGet.org now lets package maintainers add sponsorship links to receive direct financial support from users.
fromThe Hacker News
3 weeks ago

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys. The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and keystore data, according to security company Socket.
Information security
[ Load more ]