"PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks"

According to Aqua Nautilus researchers, Microsoft's PowerShell Gallery poses a software supply chain risk due to its relatively weak protection against attackers uploading malicious packages to the online repository. Recent testing of the repository's policies regarding package names and owners revealed that a threat actor could easily exploit them to spoof legitimate packages and make it difficult for users to identify a true package owner. This article continues to discuss the software supply chain risk posed by Microsoft's PowerShell Gallery.

Dark Reading reports "PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks"