Supply chain attack targets developers using the Go programming language.
First seen on arstechnica.com
Jump to article: arstechnica.com/security/2025/02/backdoored-package-in-go-mirror-site-went-unnoticed-for-3-years/
Go Module Mirror served backdoor to devs for 3+ years