CVE-2026-28353

Researchers found five malicious Rust crates on crates.io that exfiltrated .env files. Packages were removed. Users should rotate secrets, audit CI workflows and restrict outbound access to reduce supply chain risk.