A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily. NuGet is an open-source package manager and ...

Microsoft responded to developer reports that two Microsoft package files, Microsoft.Bcl.Build and Microsoft.Bcl.Compression, have been breaking the NuGet package restore feature. In a .NET Framework ...

New NuGet.org feature lets package authors add sponsor links so users can support maintainers directly through approved funding platforms.

Attackers are exploiting for the first time a known security risk in a popular MSBuild feature to place hard-to-detect malicious files in the .NET repository. Attackers are constantly coming up with ...

A baker's dozen of packages hosted on the NuGet repository for .NET software developers are actually malicious Trojan components that will compromise the installation system and download ...

Researchers have identified a popular open source package that may be hiding industrial espionage malware. "SqzrFramework480" is a .NET dynamic link library (DLL) that seems to pertain to Bozhon ...