Malicious NuGet packages drop disruptive time bombs

Recently, security researchers uncovered a series of malicious NuGet packages that deploy disruptive time bombs targeting developers and organizations using the NuGet package manager. These packages are designed to remain dormant for a period before activating destructive payloads, causing significant disruption to software development workflows and potentially compromising systems. The attackers leverage the trust developers place in NuGet packages to distribute their malicious code, highlighting the growing threat of supply chain attacks in the software development ecosystem.

The malicious packages were identified through vigilant monitoring of the NuGet repository, revealing that the attackers embedded time-delayed triggers that activate after a set period or under specific conditions. This tactic allows the malware to evade early detection and maximize damage once activated. The payloads can include data destruction, system disruption, or further malware deployment, posing a severe risk to affected environments.

This incident underscores the importance of rigorous package vetting, continuous monitoring, and security best practices such as package signing, dependency scanning, and strict access controls in development pipelines. Organizations are urged to audit their dependencies regularly and employ automated tools to detect suspicious packages early.

The rise of such sophisticated supply chain attacks calls for increased collaboration between security researchers, package repository maintainers, and the developer community to enhance the security posture of software supply chains. By sharing threat intelligence and improving detection mechanisms, the ecosystem can better defend against these evolving threats.

In conclusion, the discovery of these malicious NuGet packages with disruptive time bombs serves as a critical reminder of the vulnerabilities inherent in modern software development supply chains. Proactive security measures and heightened awareness are essential to mitigate the risks posed by such attacks and protect the integrity of software projects.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 07 Nov 2025 20:55:12 +0000


Cyber News related to Malicious NuGet packages drop disruptive time bombs

Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
1 year ago Securitylabs.datadoghq.com
5000+ Malicious Packages Found In The Wild To Compromise Windows Systems - These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data theft, unauthorized access, and complete system compromise. Similarly, ...
9 months ago Cybersecuritynews.com
3 PYPI Packages Caught Spreading Malware - Recent reports have highlighted the malicious spreading of malware via 3 specific Python Package Index (PyPI) packages. These 3 packages were identified and reported by Sonatype, a software supply chain security firm. ...
2 years ago Securityaffairs.com
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
2 years ago Hackread.com
Malicious NuGet Packages Target Developers with Backdoors and Data Theft - The rise of malicious NuGet packages poses a significant threat to software developers and organizations relying on the .NET ecosystem. These packages, often disguised as legitimate libraries, are increasingly being used to distribute backdoors, ...
2 months ago Cybersecuritynews.com CVE-2023-23397 APT29
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices - Affected platforms: Linux. Affected parties: Linux users that have these malicious packages installed. Impact: Latency in device performance. Severity level: High. On December 5th, 2023, FortiGuard's AI-driven OSS malware detection system identified three ...
1 year ago Feeds.fortinet.com
116 Malicious PyPI Packages Downloaded Over 10,000 Times - A cluster of malicious Python projects has been identified in PyPI, the official Python PyPI package repository, which targets both Windows and Linux systems and often deploys a custom backdoor. In certain instances, the ultimate payload consists of ...
2 years ago Cybersecuritynews.com
Misconfiguration and vulnerabilities biggest risks in cloud security: Report - The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed ...
2 years ago Csoonline.com Hunters
CVE-2025-61776 - Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.13.5, Dependency-Track may send credentials meant for a private NuGet repository to ...
2 months ago
New Typosquatting and Repojacking Tactics Uncovered on PyPI - Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories. This trend encompasses a wide array of malicious activities, including hosting command-and-control ...
1 year ago Infosecurity-magazine.com
Arch Linux pulls AUR packages that installed Chaos RAT malware - Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. The AUR is a repository where Arch Linux users can publish package build scripts ...
5 months ago Bleepingcomputer.com
Fake Nethereum NuGet Package Used to Steal Crypto Wallets and NFTs - A recent cybersecurity incident has revealed the use of a fake Nethereum NuGet package to steal cryptocurrency wallets and NFTs from unsuspecting users. This malicious package was designed to mimic the legitimate Nethereum package, a popular .NET ...
2 months ago Thehackernews.com
Threatening Emails Rattle Bengal Schools: Police Pursue Latvia Lead - In a statement announced Tuesday, the Kolkata Police said that more than 20 schools across the city have been threatened with bombs, which have been later revealed as hoaxes. According to the sender, bombs had been placed in numerous classrooms ...
1 year ago Cysecurity.news
Malicious NPM Packages Targeting PayPal Users to Steal Sensitive Data - FortiGuard Labs, Fortinet’s AI-driven threat intelligence arm, has uncovered a series of malicious NPM packages designed to steal sensitive information from developers and target PayPal users. Detected between March 5 and March 14, 2025, these ...
8 months ago Cybersecuritynews.com
Malicious NPM, PyPI Packages Stealing User Information - Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors ...
2 years ago Securityweek.com
Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials - The researchers noted that the packages employ various exfiltration methods to transmit stolen credentials to threat actors, with react-native-scrollpageviewtest using Google Analytics as its exfiltration channel, while the PyPI packages leverage ...
8 months ago Cybersecuritynews.com
'everything' blocks devs from removing their own npm packages - Since these 3,000+ packages manage to include every single npm package on the npmjs.com registry as their dependency, npm package authors who have ever published to the npm registry would now be unable to remove their packages at will, because of ...
1 year ago Bleepingcomputer.com
Malicious PyPI packages abuse Gmail, websockets to hijack systems - Using a 'Client' class, the malware forwards traffic from the remote host to the local system through the tunnel, allowing internal admin panel and API access, file transfer, email exfiltration, shell command execution, credentials harvesting, and ...
7 months ago Bleepingcomputer.com Snatch
Lazarus Hackers Weaponized 6 npm Packages To Steal Logins - The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. A sophisticated supply chain attack orchestrated by the notorious ...
9 months ago Cybersecuritynews.com Lazarus Group
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
1 year ago Securelist.com
Helping to keep the lights on in Ukraine in the face of electronic warfare - Ukraine's high-voltage electricity substations rely on GPS for time synchronization. Many of Ukraine's high-voltage electrical substations - which play a vital role in the country's domestic transmission of power - make extensive use of the ...
2 years ago Blog.talosintelligence.com
Lazarus Adds New Malicious npm Packages with Hexadecimal Encoding - These packages, part of the broader Contagious Interview operation, are designed to evade automated detection systems and manual code audits, marking a significant evolution in the group’s approach to cyber espionage and financial theft. The ...
8 months ago Cybersecuritynews.com Lazarus Group