I guess they tried again.

Author: LawnGnome

crates/time_calibrators/RUSTSEC-0000-0000.md

@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "time_calibrators"
+date = "2026-03-03"
+expect-deleted = true
+
+[versions]
+patched = []
+```
+
+# `time_calibrators` was removed from crates.io due to malicious code
+
+The `time_calibrators` crate attempted to exfiltrate `.env` files to a server
+that was in turn impersonating the legitimate `timeapi.io` service.
+
+The malicious crate had 1 version published on 2026-03-03 approximately 3 hours
+before removal and had no evidence of actual downloads. There were no crates
+depending on this crate on crates.io.
+
+Thanks to cybergeek for finding and reporting this to the Rust security
+response working group, and thanks to Emily Albini for co-ordinating with the
+crates.io team.