> TritonInfoSec News
Home / Feb 26, 2026 / Story
0
#8 The Hacker News general February 25, 2026 at 12:43 UTC

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

By [email protected] (The Hacker News)

AI Summary

Socket discovered four malicious NuGet packages targeting ASP.NET developers that exfiltrate ASP.NET Identity data including user accounts, role assignments, and permission mappings. The packages also manipulate authorization rules to create persistent backdoors in victim applications, while a separate npm package campaign dropped malware on developer systems.

Read full article → https://thehackernews.com/2026/02/malicious-nuget-…

Relevance score: 84.0/100

# More from February 26

  1. 1
    Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws
  2. 2
    Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023 BleepingComputer
  3. 3
    Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries The Hacker News
  4. 4
    Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker The Hacker News
  5. 5
    SolarWinds Patches Four Critical Serv-U Vulnerabilities SecurityWeek
  6. 6
    Fake Next.js job interview tests backdoor developer's devices BleepingComputer
  7. 7
    CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability The Hacker News
  8. 9
    Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach
  9. 10
    Over 12 Million Users Impacted by CarGurus Data Breach SecurityWeek