supply chain attack

Malicious Go Modules Exposed for Erasing Linux System Data

by
Malicious Go Modules Exposed for Erasing Linux System Data

The Socket Security Team has disclosed that attackers are implementing destructive supply chain attacks through carefully disguised Go modules, with malicious code capable of completely wiping Linux system disks and causing permanent data loss. Attack Technique Analysis Complete Path of Malicious Modules: <span>github.com/truthfulpharm/prototransform</span> <span>github.com/blankloggia/go-mcp</span> <span>github.com/steelpoor/tlsproxy</span> 1. Module Disguise Imitating legitimate library names (such as <span>go-mcp</span>, … Read more

Malicious npm Package Attacks Linux Developers to Install SSH Backdoors

by
Malicious npm Package Attacks Linux Developers to Install SSH Backdoors

Introduction A concerning new type of supply chain attack has emerged, targeting Linux developers working with the Telegram bot ecosystem. Discovered in early 2025, multiple malicious npm packages disguised themselves as legitimate Telegram bot libraries to provide SSH backdoors and steal sensitive data from unsuspecting developers. These domain-squatted packages accumulated approximately 300 downloads over several … Read more