Bleeping Computer

Malicious NuGet packages abuse MSBuild to install malware

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...
Hosted on MSN

Socket flags malicious NuGet packages set to activate in 2027 and 2028

Two years ago, an account with the name “shanhai666” uploaded nine malicious NuGet packages. This launched a complicated software supply-chain attack. According to supply-chain security firm Socket, ...