cognitive cybersecurity intelligence

News and Analysis

Malicious NuGet packages abuse MSBuild to install malware

A new typosquatting campaign using the open-source package manager, NuGet, has been identified as potentially infecting Windows systems with malware. Packages employed in the campaign use MSBuild integration to run codes in a stealthy manner. Though this feature enhances the building and packaging process for software projects, it opens up a new vulnerability for script execution during a package’s installation. This is the first documented instance of threat actors exploiting this feature in NuGet packages.

Source: www.bleepingcomputer.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts

Flow Security Launches GenAI DLP

Flow Security, an Israel-based data security platform, has incorporated a GenAI DLP module to secure data for GenAI services and applications. The move seeks to