Cybersecurity researchers have discovered four malicious NuGet
packages that are designed to target ASP.NET web application
developers to steal sensitive data. The campaign, discovered by
Socket, exfiltrates ASP.NET Identity data, including user accounts,
role assignments, and permission mappings, as well as manipulates
authorization rules to create persistent backdoors in victim
applications.
Read more https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html
