Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Updated on November 7, 2025

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.
According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger dates in August 2027 and…

Read the rest of the story at Read More

Source: The Hacker News

November 11, 2025 Uncategorized

GootLoader Is Back, Using a New Font Tri...

May 2, 2025 Uncategorized

MintsLoader Drops GhostWeaver via Phishi...

September 24, 2024 Uncategorized

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Related posts

GootLoader Is Back, Using a New Font Tri...

MintsLoader Drops GhostWeaver via Phishi...

The SSPM Justification Kit

Leave a Comment Cancel reply

Recent News

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide