Malicious Go and npm Packages Are Dropping Cross-Platform Malware and Triggering Remote Wipes: What Developers Must Do Now
If you rely on open source to move fast—and who doesn’t—this one’s a wake‑up call. Security researchers have uncovered a wave of malicious Go modules and npm packages that quietly pull down second-stage payloads, run them in memory on both Linux and Windows, and in one case, can even wipe a developer’s machine based on…