Skip to content
The Nexus
SECURITYMay 1 · 09:43 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A new software supply chain attack campaign uses sleeper packages to push malicious payloads, enabling credential theft, GitHub Actions tampering, and SSH persistence. The attack is attributed to the GitHub account 'BufferZoneCorp,' which published malicious Ruby gems and Go modules.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this