AttackFeed by Joe Wagner | Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets  - The Hacker News

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets  – The Hacker News

Posted on By [email protected] (The Hacker News)
Attack Feeds

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
The Rust packages, published to crates.io, are listed below –

chrono_anchor
dnp3times
time_calibrator
time_calibrators
time-sync

The crates, per Socket, impersonate timeapi.io and were published between late February and early March  –

Read More  – The Hacker News 

You may also like

AttackFeed by Joe Wagner | MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems  - The Hacker News
Attack Feeds
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems  – The Hacker News
May 18, 2026
AttackFeed by Joe Wagner | Google and Amnesty International teamed up to make it harder for spyware vendors to hide  - CyberScoop
Attack Feeds
Google and Amnesty International teamed up to make it harder for spyware vendors to hide  – CyberScoop
May 12, 2026
AttackFeed by Joe Wagner | Application Security Strategies Are Changing as AI-generated Code Floods the SDLC  - Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Application Security Strategies Are Changing as AI-generated Code Floods the SDLC  – Hackread – Cybersecurity News, Data Breaches, AI and More
May 6, 2026
AttackFeed by Joe Wagner | Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws  - Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws  – Hackread – Cybersecurity News, Data Breaches, AI and More
March 6, 2026