Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices.

The embedded malicious code uses a probabilistic trigger, so it may or may not activate depending on a set of parameters on the infected device.

NuGet is an open-source package manager and software distribution system, enabling developers to download and include ready-to-run. NET libraries for their projects.