Chinese threat actors exploited a new zero-day in Barracuda’s Email Security Gateway devices to deploy a backdoor on some devices. This comes after a similar attack earlier in the year. The flaw is exploited via a specially crafted Microsoft Excel email attachment. Barracuda has automatically applied a security update and no further customer action is required. Private and public sector organizations in at least 16 countries have been impacted.
Go Module Mirror served backdoor to devs for 3+ years
Google’s mirror proxy for Go programming language developers promoted a backdoored package for over three years. The service, Go Module Mirror, fastens and verifies downloads’
