Go Module Mirror served backdoor to devs for 3+ years

Found 17 days ago ago at Arstechnica

A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than three years until Monday, after researchers who spotted the malicious code petitioned for it to be taken down twice. The service, known as the Go Module Mirror , caches open source packages available on GitHub and elsewhere so that downloads are faster and to ensure they are compatible with the rest of the Go ecosystem. By default, when someone uses command line tools bu

Read the full article at Arstechnica

More Developer News

Microsoft's Magma AI Can Manipulate and Control Robots

Found 1 day ago at CNET

DeepSeek goes beyond “open weights” AI with plans for source code release

Found 1 day ago at Arstechnica

How to try DeepSeek R1 - without the censorship or security risk

Found 1 day ago at All About Microsoft

Archaeologists Unearth the First Pharaoh’s Tomb Since Tutankhamun

Found 2 days ago at Gizmodo

If Musk wants AI for the world, why not open-source all the Grok models?

Found 4 days ago at All About Microsoft