腾讯网

一个回车符搞崩Git,甚至能触发远程代码执行?

一个看似无害的回车符(Carriage Return),竟然能让 Git 的子模块克隆逻辑彻底“失控”,甚至引发远程代码执行(RCE)!近日,研究人员 David Leadbeater 披露了一个严重漏洞(CVE-2025-48384),攻击者可以通过精心构造的 .gitmodules 文件,在类 Unix 系统上实现任意文件 ...
Bleeping Computer

Linux wiper malware hidden in malicious Go modules on GitHub

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that ...
TechRadar

Dangerous Linux wiper malware hidden within Go modules on GitHub

Three Golang modules on GitHub were found containing dangerous malware The malware was designed to wipe the entire disk of a Linux server It was removed from the platform Dangerous Linux malware, ...
Dark Reading

10 Major GitHub Risk Vectors Hidden in Plain Sight

Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Attack surface: Using mutable ...