A devastating new supply-chain attack has emerged in the Go ecosystem, with attackers deploying highly destructive disk-wiping malware through seemingly legitimate modules.

This sophisticated attack exploits the inherent openness of Go’s package ecosystem, where developers routinely source modules directly from GitHub repositories with minimal gatekeeping or verification processes.