Noticias Tech
Tech
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
Una nueva campaña de ataque a la cadena de suministro de software utiliza paquetes durmientes para distribuir cargas maliciosas que permiten el robo de credenciales y manipulac
2026-05-011 min de lectura
Fuente: Cloud360.net · Noticias
Temas
Tech
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of
Newsletter12,500+ suscriptores
Recibe el mejor contenido tech cada mañana
Gratis · Sin spam · Cancela cuando quieras