Safeguard
Tag

dotnet-security

Safeguard articles tagged "dotnet-security" — guides, analysis, and best practices for software supply chain and application security.

24 articles

Application Security

.NET and NuGet dependency vulnerability management

NuGet packages have delivered RATs, crypto stealers, and undisclosed data collection to .NET teams. Here's how to detect and defend against .NET/NuGet supply chain risk.

May 20, 20267 min read
Threat Intelligence

Malicious NuGet package campaigns targeting developers

Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.

May 10, 20268 min read
Industry Analysis

C# and .NET Security Explained

C# and .NET security explained: real CVEs, NuGet supply-chain attacks, BinaryFormatter risk, and the SolarWinds lesson every .NET team needs.

Feb 23, 20267 min read
Open Source Security

NuGet supply chain attacks: typosquatting and dependency ...

NuGet typosquatting and dependency confusion let attackers plant malicious packages in .NET builds. Here's how real campaigns worked and how to stop them.

Jan 31, 20268 min read
Open Source Security

NuGet package signing, source mapping, and verifying pack...

A practical guide to NuGet package signing, source mapping, and provenance verification for .NET teams — with commands, config, and a troubleshooting checklist.

Jan 31, 20268 min read
Open Source Security

Finding vulnerable .NET dependencies with dotnet list pac...

A step-by-step guide to scanning C# projects for vulnerable NuGet packages using dotnet list package --vulnerable, plus how to fix and monitor them continuously.

Jan 31, 20267 min read
Open Source Security

Case study: a malicious NuGet package compromise and its ...

Inside the Moq/SponsorLink malicious NuGet package incident: what shipped, who was exposed, and how to harden your .NET build pipeline against the next one.

Jan 30, 20268 min read
Open Source Security

NuGet Package Manager Tampering / Spoofing Vulnerability ...

CVE-2019-0757 lets an authenticated attacker tamper with NuGet package contents on Linux/Mac. CVSS 6.5. Affected versions, timeline, and fixes inside.

Nov 29, 20257 min read
Open Source Security

NuGet package vulnerability trends report

NuGet's growing attack surface: typosquatting, steganographic malware, and patch lag are reshaping .NET supply chain risk in 2026 — here's what the data shows.

Nov 16, 20257 min read
Open Source Security

Malicious NuGet packages targeting .NET developers

A fresh wave of malicious NuGet packages is hitting .NET developers via typosquatting, MSBuild-triggered code, and IL weaving. Here's what's happening and how to respond.

Nov 15, 20257 min read
Open Source Security

NuGet typosquatting campaign report

Four disclosed NuGet typosquatting campaigns since 2024 reveal a shift toward patient, audience-specific attacks — from ICS time bombs to wallet-draining homoglyphs.

Nov 15, 20257 min read
Open Source Security

Compromised NuGet author accounts

NuGet maintainer accounts are the .NET supply chain's weakest link. Here's why account takeover beats typosquatting, and how to detect it before a CVE exists.

Nov 15, 20257 min read
dotnet-security — Safeguard Blog