Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

March 10, 2026

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March

from The Hacker News https://ift.tt/LTkSt7x
via Cyber Security

Bitcoin Mining

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Popular Feeds

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Featured News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Random Posts

Popular Posts

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Bitcoin Mining

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

You may like these posts

Share

Popular Feeds

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Featured News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Random Posts

Popular Posts

Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

Where Multi-Factor Authentication Stops and Credential Abuse Starts