{ads}

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Written By Friday, 1 May 2026 Add Comment



May 1, 2026 at 03:13PM

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of

from The Hacker News https://ift.tt/PNTI1ry

0 Response to "Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads