Wednesday, 11 March 2026

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

iT4iNT SERVER Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
The Rust packages, published to crates.io, are listed below -

chrono_anchor
dnp3times
time_calibrator
time_calibrators
time-sync

The crates, per Socket, impersonate timeapi.io and were published between late February and early March VDS VPS Cloud


http://dlvr.it/TRQQ75
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

iT4iNT SERVER Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) ...