Malicious Ruby Gems, Go Modules Exploit CI Pipelines for Credential Theft

Malicious actors are targeting developers and CI pipelines with fake Ruby Gems and Go Modules, masquerading as familiar libraries to steal credentials. The campaign, linked to the GitHub account BufferZoneCorp, poses a significant threat to software supply chains.

https://osintsights.com/malicious-ruby-gems-go-modules-exploit-ci-pipelines-for-credential-theft?utm_source=mastodon&utm_medium=social

#SupplyChain #CredentialTheft #CiPipelines #RubyGems #GoModules

Imagine trusted Go modules turning your Linux system into a ticking time bomb. Hackers are hiding wiper malware in code you might use every day—what's really lurking in your development environment?

https://thedefendopsdiaries.com/unveiling-the-threat-linux-wiper-malware-in-malicious-go-modules/

#linuxmalware
#gomodules
#cybersecurity
#supplychainattack
#wipermalware

The Go programming language’s modules are particularly susceptible to repojacking, distinguishing them from other package manager solutions like npm or PyPI.

#Cybersecurity #GitHub #GoModules #Hijacking #Repojacking

https://cybersec84.wordpress.com/2023/12/06/15000-github-repositories-at-risk-protect-your-go-modules-from-repojacking/