Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a...

Timing Attacks

Stripe.net is vulnerable to timing attacks. The vulnerability exists due to the usage of non-constant time comparison methods, which causes information to be revealed through different time taken when comparing signatures...