一个看似无害的回车符(Carriage Return),竟然能让 Git 的子模块克隆逻辑彻底“失控”,甚至引发远程代码执行(RCE)!近日,研究人员 David Leadbeater 披露了一个严重漏洞(CVE-2025-48384),攻击者可以通过精心构造的 .gitmodules 文件,在类 Unix 系统上实现任意文件 ...
A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub. The campaign was detected last month and relied on three malicious Go modules that ...
Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Related:Lazarus Group Picks a New ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果