Post #8485

@thehackernews

The Hacker News

Views8,700Post view count

PostedFeb 2502/25/2026, 12:47 PM

Post content

🚨 Over 50,000 npm and 4,500 NuGet users were hit by malicious packages before they were pulled. The NuGet attack rewrote ASP_NET authorization for instant admin access, while the npm variant used preinstall hooks to deploy OS-specific malware and exfiltrate data. 🔗 Read → https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html