Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.