Search Results: RustSecurity

Malicious Rust Crates Hijack 8.5K Downloads to Steal Crypto Keys

Two malicious packages in Rust's official crate repository, downloaded over 8,500 times, secretly scanned developers' systems for cryptocurrency private keys. Disguised as legitimate logging tools, the crates exfiltrated sensitive data to a rogue Cloudflare Worker endpoint. The incident underscores the persistent threat of supply chain attacks in open-source ecosystems.

Paralegal: Rust Static Analyzer Automates Privacy Bug Detection with Novel Collaborative Approach

A new static analysis tool called Paralegal is transforming how developers uncover privacy bugs in Rust applications by distributing responsibilities between privacy engineers and coders. Leveraging Rust's ownership system and program dependence graphs, it found unknown vulnerabilities in real-world apps and outperforms tools like CodeQL. This breakthrough offers a practical, maintainable solution for securing modern software.