Software development
fromSecuritymagazine
2 months agoTyposquatted packages delivering malware to Linux and macOS systems
A malicious campaign using typosquatted Go packages is targeting Linux and macOS systems to deliver malware.
"Due to the combination of the command injection in the 'openwrt/imagebuilder' image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision."