cognitive cybersecurity intelligence

News and Analysis

Malicious NuGet packages abuse MSBuild to install malware

A new typosquatting campaign using the open-source package manager, NuGet, has been identified as potentially infecting Windows systems with malware. Packages employed in the campaign use MSBuild integration to run codes in a stealthy manner. Though this feature enhances the building and packaging process for software projects, it opens up a new vulnerability for script execution during a package’s installation. This is the first documented instance of threat actors exploiting this feature in NuGet packages.

Source: www.bleepingcomputer.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

News and Analysis

Malicious NuGet packages abuse MSBuild to install malware

Subscribe to newsletter

More Posts

Goldman Sachs Says Some Clients’ Data May Have Been Exposed in Law Firm Data Breach

When One Vulnerability Breaks the Internet and Millions of Devices Join In

Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation

Shai-Hulud Returns with ‘Golden Path’ Malware in Latest NPM Supply Chain Attack – The Cyber Express

Products

Solutions

Healthcare cybersecurity

Healthcare Threat Intelligence

Use Cases

News and Analysis

Insights

Company