Cybersecurity researchers have discovered a malicious NuGet
package that masquerades as a C# software development kit for
Sicoob, one of Brazil's largest cooperative financial systems, to
siphon client IDs and PFX certificates. According to Socket,
versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality
to exfiltrate sensitive information, including PFX certificates
that are used to
Read more https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html
