MAL-2026-5336 Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715 During import, the package exfiltrates sensitive data credentials, SSH keys, cryptowallet's data. It also establishes persistence via a cronjob. --- Category:...

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chronoanchor dnp3times timecalibrator timecalibrators time-sync The crates,...

`time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...