Ars Technica

Go Module Mirror served backdoor to devs for 3+ years

A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than three years until Monday, after researchers who spotted the malicious code ...
TechRadar

Thousands of Go module repositories on GitHub are vulnerable to attack

Thousands of Go module repositories on GitHub are vulnerable to an attack known as repository hijacking, or repojacking, experts have warned. In this attack, a hacker abuses the fact that a developer ...