CSOonline

Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks

Aqua Security says PowerShell issue can allow attacks involving registration of malicious packages with names similar to existing popular package names when developers make mistakes. Researchers are ...
Dark Reading

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks

Microsoft's PowerShell Gallery presents a software supply chain risk because of its relatively weak protections against attackers who want to upload malicious packages to the online repository, ...
Bleeping Computer

Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks

Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for ...
MCPmag

Installing a Module from the PowerShell Gallery

For the longest time, the open source community had a ubiquitous concept called "public package repositories." Using utilities such as rpm, yum et al. is commonplace, but Microsoft never had the same ...
CSOonline

How to keep attackers from using PowerShell against you

New guidance shows how to harden PowerShell and make it more difficult for threat actors to hijack for malicious purposes. Living off the land is not the title of a gardening book. It’s the goal of ...