Malicious Go Modules: Securing Your Linux Build Pipeline
Every Linux developer who works with Go has run the same workflow a thousand times. You find a library that solves your problem, you see a decent star count on GitHub, and you run go get. It is frictionless and efficient. Lately, however, it is becoming one of the most effective ways for an attacker to get code running on your build servers. The recent “Operation Muck and Load” campaign is a perfect example of why this workflow is risky. Researchers uncovered over 200 GitHub repositories dist…LinuxSecurity – Security ArticlesRead More