Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
The Hacker News | #1 Trusted Source for Cybersecurity News [Uno…
February 25, 2026
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.
The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.
Discussion in the ATmosphere