Cybersecurity & Data Protection
1
UPVOTE
thehackernews.com

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
TN

The Hacker News

13d ago
1 0

Discussion

Say something first

It all starts with you—share your thoughts now.

No comments yet.

Be the first to share your take and keep the conversation moving.

Join the conversation

Log in or sign up to add your comment and participate in the discussion!

Log In Sign Up

UPVOTERS

Community appreciation

See who found this content valuable and showed their support.

g_richard

Golden Greta

Golden GretaUpvoted 13d ago1 comments · 24 shares

TOPICS

Explore the same topics

Discover more content from the topics this post is mapped to.

bleepingcomputer.com
New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain ro…
SA

SariMartinez

3h ago
0
thehackernews.com
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Surviv…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptiv…
Carlos the great

Carlos the great

3h ago
0
darkreading.com
Glasswing Secured the Code. The Rest of Your Stack Is Still on …

Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.
DR

Dark Reading

5h ago
0
bleepingcomputer.com
DORA and operational resilience: Credential management as a fin…

Article 9 of DORA makes authentication and access control a legal obligation for EU financial entities. Here is what the regulation requires, and what a breach…
Noor Bakker

Noor Bakker

5h ago
0
thehackernews.com
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. …

The Office of Inspector General (OIG) of the U. S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U. S. re…
NightCurator

NightCurator

6h ago
0
schneier.com
Hiding Bluetooth Trackers in Mail

It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted o…
SS

Schneier on Security

6h ago
0

Keep browsing

Explore more from this topic

Dive into the full feed of curated posts covering Cybersecurity & Data Protection.

Browse Topics

RELATED CONTENT

Continue exploring

Discover more content that aligns with your interests and this post.

thehackernews.com
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Surviv…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptiv…
Carlos the great

Carlos the great

3h ago
0
thehackernews.com
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. …

The Office of Inspector General (OIG) of the U. S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U. S. re…
NightCurator

NightCurator

6h ago
0
thehackernews.com
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy …

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitat…
TN

The Hacker News

9h ago
0
thehackernews.com
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Discl…

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild…
SA

SariMartinez

12h ago
0
thehackernews.com
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy …

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a cust…
Marcus Allen

Marcus Allen

1d ago
0
thehackernews.com
Malicious KICS Docker Images and VS Code Extensions Hit Checkma…

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software…
EK

Emma Klein

2d ago
0

Still curious?

See more related posts

Keep the inspiration flowing with fresh submissions and trending finds from the community.

View Latest