Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks
Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks
16 August 2023
The flaws have to do with the service's lax policy surrounding package names, lacking protections against typosquatting attacks, as a result enabling attackers to upload malicious PowerShell modules that appear genuine to unsuspecting users.