TechJuice

Rogue NuGet Package Discovered in .NET Ecosystem Worth Avoiding

A malicious NuGet package posing as the popular TracerFody library poses a threat to .NET developers and software supply chains.
CSOonline

Malicious package campaign on NuGet abuses MSBuild integrations

Attackers are exploiting for the first time a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository. Attackers are constantly coming up with ...
Visual Studio Magazine

.NET 9 Addresses NuGet Vulnerabilities in Preview 6

With new dev tooling security vulnerabilities publicized regularly, Microsoft's new .NET 9 Preview 6 addresses the problem in one specific area: NuGet packages used for sharing code libraries, tools ...