NuGet PackageReference for C++ Projects in Visual Studio - C++ Team Blog

Native C++ projects (.vcxproj) now support NuGet PackageReference, the same modern package management experience .NET developers have used for years. Available as an experimental feature in Visual Studio 2026 version 18.7.

C++ Team Blog

NuGet Package Pruning: Cleaner Dependencies and Actionable Vulnerability Reports - .NET Blog

Package pruning in .NET 10 removes platform-provided packages from your dependency graph. With transitive auditing enabled by default, projects with these defaults have 70% fewer transitive vulnerability reports compared to projects using the previous defaults.

.NET Blog

From the .NET blog...

In case you missed it earlier...

NuGet Package Pruning: Cleaner Dependencies and Actionable Vulnerability Reports
https://devblogs.microsoft.com/dotnet/nuget-package-pruning-in-dotnet-10/ #dotnet #NuGet #Security #audit #dotnet10 #packagepruning #vulnerabilities

> 120 malicious packages have been pulled from RubyGems

https://thehackernews.com/2026/05/rubygems-suspends-new-signups-after.html

For those counting: #npm, #PyPI, #RubyGems, #cargo #NuGet, #packagist and #Maven so far…

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems halted new registrations after a major attack involving hundreds of malicious packages, increasing supply chain risks.

The Hacker News

5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

Pulse ID: 6a0160261c57f2812cc5a92c
Pulse Link: https://otx.alienvault.com/pulse/6a0160261c57f2812cc5a92c
Pulse Author: Tr1sa111
Created: 2026-05-11 04:50:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Chinese #CyberSecurity #InfoSec #NuGet #OTX #OpenThreatExchange #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

Pulse ID: 69fcc64069bf35be793669dd
Pulse Link: https://otx.alienvault.com/pulse/69fcc64069bf35be793669dd
Pulse Author: AlienVault
Created: 2026-05-07 17:05:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

#Nuget: Malicious NuGet packages mimicked trusted .NET libraries to steal credentials, key crypto wallets.
Packages:

IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core, IR.iplus32

included an infostealer #malware:
👇
https://gbhackers.com/malicious-nuget-packages-2/