MEDIUMSupply Chain
Global

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

·Source: The Hacker News

Updated:

Executive Summary

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

Analysis

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
Source Attribution

Originally published by The Hacker News on May 29, 2026.

Related Threats

CRITICALSupply ChainPOC

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available. In total, there are 11 flaws rated ‘critical’ , 18 rated ‘high’, and 6 ‘medium’. The most im

CVE-2026-46840CVE-2026-46775
CSO Online
MEDIUMSupply Chain

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential

The Hacker News
MEDIUMSupply Chain

Containers on fire: from container escapes to supply chain attacks

We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.

Securelist (Kaspersky)