Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

New Malicious Rust Crates Impersonating fast_log Discovered

A recent cybersecurity investigation has uncovered new malicious Rust crates that impersonate the popular fast_log logging library. These crates are designed to deceive developers by mimicking legitimate packages, thereby infiltrating software supply chains and potentially compromising systems that integrate them. The malicious crates contain hidden payloads that can execute unauthorized code, steal sensitive information, or create backdoors for further exploitation. This discovery highlights the growing threat of supply chain attacks in the Rust ecosystem, emphasizing the need for developers to verify package authenticity and maintain vigilant security practices. The cybersecurity community is urged to monitor such threats closely and implement robust dependency management strategies to mitigate risks associated with malicious open-source components. This article delves into the technical details of the malicious crates, their detection, and recommended countermeasures to protect development environments and production systems from similar attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 26 Sep 2025 09:10:18 +0000

Cyber News related to New Malicious Rust Crates Impersonating fast_log Discovered

New Malicious Rust Crates Impersonating fast_log Discovered - A recent cybersecurity investigation has uncovered new malicious Rust crates that impersonate the popular fast_log logging library. These crates are designed to deceive developers by mimicking legitimate packages, thereby infiltrating software supply ...
1 week ago Cybersecuritynews.com

FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables - To support the static analysis of Go and Rust executables, FLOSS now extracts program strings using enhanced algorithms. Where traditional extraction algorithms provide compound and confusing string output FLOSS recovers the individual Go and Rust ...
1 year ago Mandiant.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2023-40030 - Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package ...
2 years ago

CVE-2019-16760 - Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and ...
5 years ago

New Linux Kernel Code Written In Rust To Eliminate Memory Safety Bugs - Since Rust was officially merged into the Linux kernel in October 2022, development teams have been steadily working to implement Rust-based drivers and components that inherently prevent common memory-related security issues. The Linux kernel has ...
6 months ago Cybersecuritynews.com

Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases - The Rust Project has issued an update for its standard library, after a vulnerability researcher discovered a specific function used to execute batch files on Windows systems could be exploited using an injection flaw. The set of common functions ...
1 year ago Darkreading.com CVE-2024-24576

Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities - Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe ...
1 year ago Securityweek.com

Malicious Rust Crates Steal Solana and Phantom Wallets, Targeting Crypto Users - In a recent cybersecurity alert, researchers have uncovered malicious Rust crates designed to steal cryptocurrency wallets, specifically targeting Solana and Phantom wallet users. These malicious crates, disguised as legitimate software packages, are ...
1 week ago Thehackernews.com

CVE-2022-36113 - Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is ...
2 years ago

Google throws $1m at Rust Foundation to build C++ bridges The Register - Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++. C++, a popular general purpose programming language, has arguably fallen out of fashion due to concerns over safety. ...
1 year ago Go.theregister.com

CVE-2022-36114 - Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that ...
2 years ago

CVE-2025-38033 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

CVE-2023-30624 - Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior ...
2 years ago

Malicious Rust packages on Crates.io steal crypto wallet keys - Recently, security researchers uncovered a series of malicious Rust packages hosted on Crates.io, the official Rust package registry, designed to steal cryptocurrency wallet keys from developers who inadvertently include these packages in their ...
1 week ago Bleepingcomputer.com

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel - Attackers linked to the Palestinian militant group Hamas are using a revamped version of the SysJoker multi-platform backdoor to attack targets in Israel as the current conflict between the two continues despite a current pause in the fighting. An ...
1 year ago Darkreading.com

Lazarus Group bang on trend with memory-safe Dlang malware The Register - Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past ...
1 year ago Go.theregister.com Andariel Lazarus Group

Google Pushes Software Security Via Rust, AI-Based Fuzzing - Google is making moves to help developers ensure that their code is secure. The IT giant this week said it is donating $1 million to the Rust Foundation to improve interoperability between the Rust programming language and legacy C++ codebase in ...
1 year ago Securityboulevard.com

Researchers Compared Malware Development in Rust vs C & C++ Languages - A comprehensive analysis conducted in 2023 by the Rochester Institute of Technology aimed to assess whether malware developed in Rust truly presents greater challenges to security analysts than traditional C/C++ implementations. The investigation ...
6 months ago Cybersecuritynews.com

The Verge is not interested in interviewing you about crypto - If you get a message from someone at The Verge asking to schedule an interview about cryptocurrency, don't do it. We recently discovered that a bad actor has been impersonating Verge science reporter Justine Calma to carry out this scam. If a victim ...
1 year ago Theverge.com

RIFT - New Open-Source Tool From Microsoft to Analyze Malware Hidden Within Rust Binaries - By open-sourcing RIFT, Microsoft aims to strengthen global cybersecurity defenses against the rising threat of Rust-based malware, providing the security community with essential tools to combat increasingly sophisticated cyber threats. The RIFT ...
3 months ago Cybersecuritynews.com

CVE-2024-47763 - Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if ...
11 months ago

CVE-2022-46176 - Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) ...
2 years ago

East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com

CVE-2022-39294 - conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request's length before calling ...
2 years ago

Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
1 year ago Bleepingcomputer.com