Hidden Logic Bombs in Malware-Laced NuGet Packages

Source: The Hacker News

Nine malicious NuGet packages capable of executing delayed attacks have been uncovered. According to Socket, a software supply chain security firm, these packages are intended to undermine database functionality and disrupt industrial control systems by executing harmful code after specified trigger dates in August 2027.

The packages, published by a user identified as ‘shanhai666’, pose a significant risk to software supply chains and highlight the importance of vigilant security practices. By leveraging time-delayed payloads, the malicious software can cause extensive damage to critical infrastructure, raising concerns about the integrity and reliability of software dependencies used within development environments.
