In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
In late February, a software engineer discovered a backdoor in an open source package that’s heavily used across the Linux ecosystem. This discovery prompted additional scrutiny around the security of ...