5 matches found
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable...
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries,...
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB...
Fedora 37 : golang-github-facebookincubator-contest / etc (2022-53fdd2d9c4)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-53fdd2d9c4 advisory. Rebuild for CVE-2022-24675,28327,29526 in golang and other go ecosystem CVEs These packages were missed in the initial rawhide go ecosystem rebuild a couple...
Post-quantum Cryptography for the Go Ecosystem
filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM formerly known as Kyber, renamed because we can't have nice things is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...