Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Published: 1 week ago (May 29, 2026 at 05:11 AM EDT)

1 min read

Source: The Hacker News

Malicious NuGet Package

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates.

According to Socket, versions 2.0.0 through 2.0.4 of Sicoob.Sdk contain functionality to exfiltrate sensitive information, including PFX certificates that are used to…

Back to Blog

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associ...

California sues 23andMe over 2023 data breach that affected 7 million users

!Marker with 23andMe logohttps://www.engadget.com/img/gallery/california-sues-23andme-over-2023-data-breach-that-affected-7-million-users/intro-1780041568.jpg b...

The Chrome browser is getting a big safety upgrade — if you use Windows

!https://www.androidauthority.com/wp-content/uploads/2024/05/Google-or-Google-Search-logo-on-Chromebook-laptop-stock-photo-1.jpg TL;DR - Google has announced th...

FBI warns of fake FIFA websites running World Cup fraud schemes

!https://www.bleepstatic.com/content/hl-images/2026/05/28/worldcup.jpg The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, aimin...

Malicious NuGet Package

Related posts

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

California sues 23andMe over 2023 data breach that affected 7 million users

The Chrome browser is getting a big safety upgrade — if you use Windows

FBI warns of fake FIFA websites running World Cup fraud schemes