A newly discovered software supply chain attack has revealed how threat actors are abusing open-source ecosystems to infiltrate developer environments. The campaign, linked to a GitHub account named BufferZoneCorp, targets both Ruby and Go ecosystems using malicious packages designed to appear legitimate. These packages are crafted to compromise developer machines and continuous integration (CI) pipelines, […] The post Supply Chain Attack Targets GitHub Actions via Malicious Ruby Gems and Go Modules appeared first on Cyber Security News.