Wednesday, 11 March 2026

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

iT4iNT SERVER Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
The Rust packages, published to crates.io, are listed below -

chrono_anchor
dnp3times
time_calibrator
time_calibrators
time-sync

The crates, per Socket, impersonate timeapi.io and were published between late February and early March VDS VPS Cloud


http://dlvr.it/TRQQ75
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

iT4iNT SERVER A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email cre...