Malicious NuGet Packages Target Databases and PLCs

Researchers at Socket identified nine malicious NuGet packages designed to sabotage database implementations and Siemens S7 industrial control devices. These packages, published under the developer name shanhai666, contain legitimate functionality alongside harmful code scheduled to activate between 2027 and 2028. The most dangerous package, Sharp7Extend, targets users of the legitimate Sharp7 library, exploiting developers searching for extensions. The packages use a probabilistic trigger, making activation uncertain and complicating incident response.

Latest mentioned: 11-07

Earliest mentioned: 11-07

Sources

thehackernews.com bleepingcomputer.com theregister.com

Also Read

Phishing Campaign Targets Hotel Booking Accounts Worldwide

Cybersecurity researchers have uncovered a sophisticated phishing campaign exploiting compromised hotel booking accounts to defraud travellers. The operation, active since April 2025, uses stolen credentials from hotel administrators to impersonate legitimate communications and direct customers to fraudulent billing pages. The attack begins with spear-phishing emails targeting hotel staff, leading to the installation of PureRAT malware. Once in control, attackers use compromised accounts to execute banking fraud against guests, resulting in significant financial losses.

11-07Read more →