The Hacker News

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database ...

Malicious NuGet packages drop disruptive 'time bombs'

Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database ...
Developer Tech

Malicious time bomb packages on NuGet target databases, industry

Security researchers have uncovered malicious packages on NuGet that act as time-delayed time bombs aimed at databases and ...

Industrial computing systems at risk from "time bombs " in malicious NuGet packages

The payload is triggered only between August 8, 2027, and November 29, 2028, and does two destructive things: randomly kills ...
Cryptopolitan on MSN

9 malicious NuGet package caught hiding, set to detonate in 2027–2028

Two years ago, an account with the name "shanhai666" uploaded nine malicious NuGet packages. This launched a complicated ...

Cybercrims plant destructive time bomb malware in industrial .NET extensions

Sharp7Extend was programmed differently in that it does not have a delayed fuse. Downloaded more than 2,000 times according ...
Bleeping Computer

Malicious NuGet packages abuse MSBuild to install malware

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...
Visual Studio Magazine

NuGet Inside the Firewall

NuGet extends Visual Studio by simplifying the process of installing and updating third-party libraries and tools. It has limitations in a local private network, however. Here's what you need to know, ...
Ars Technica

nuget is utter garbage.

* Preface: I'm sure it's worked flawlessly for you since day one, and I am somehow an incompetent fool that can't RTFM. However, I base my opinions on facts from experience. I've had no problems with ...