dotnet-security
Safeguard articles tagged "dotnet-security" — guides, analysis, and best practices for software supply chain and application security.
24 articles
.NET and NuGet dependency vulnerability management
NuGet packages have delivered RATs, crypto stealers, and undisclosed data collection to .NET teams. Here's how to detect and defend against .NET/NuGet supply chain risk.
Malicious NuGet package campaigns targeting developers
Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.
C# and .NET Security Explained
C# and .NET security explained: real CVEs, NuGet supply-chain attacks, BinaryFormatter risk, and the SolarWinds lesson every .NET team needs.
NuGet supply chain attacks: typosquatting and dependency ...
NuGet typosquatting and dependency confusion let attackers plant malicious packages in .NET builds. Here's how real campaigns worked and how to stop them.
NuGet package signing, source mapping, and verifying pack...
A practical guide to NuGet package signing, source mapping, and provenance verification for .NET teams — with commands, config, and a troubleshooting checklist.
Finding vulnerable .NET dependencies with dotnet list pac...
A step-by-step guide to scanning C# projects for vulnerable NuGet packages using dotnet list package --vulnerable, plus how to fix and monitor them continuously.
Case study: a malicious NuGet package compromise and its ...
Inside the Moq/SponsorLink malicious NuGet package incident: what shipped, who was exposed, and how to harden your .NET build pipeline against the next one.
NuGet Package Manager Tampering / Spoofing Vulnerability ...
CVE-2019-0757 lets an authenticated attacker tamper with NuGet package contents on Linux/Mac. CVSS 6.5. Affected versions, timeline, and fixes inside.
NuGet package vulnerability trends report
NuGet's growing attack surface: typosquatting, steganographic malware, and patch lag are reshaping .NET supply chain risk in 2026 — here's what the data shows.
Malicious NuGet packages targeting .NET developers
A fresh wave of malicious NuGet packages is hitting .NET developers via typosquatting, MSBuild-triggered code, and IL weaving. Here's what's happening and how to respond.
NuGet typosquatting campaign report
Four disclosed NuGet typosquatting campaigns since 2024 reveal a shift toward patient, audience-specific attacks — from ICS time bombs to wallet-draining homoglyphs.
Compromised NuGet author accounts
NuGet maintainer accounts are the .NET supply chain's weakest link. Here's why account takeover beats typosquatting, and how to detect it before a CVE exists.