Poisoned Go programming language package lay undetected for 3 years
Poisoned Go programming language package lay undetected for 3 years
go.theregister.com
Researcher sniffs out three-year Go supply chain attack
Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…