Go Module Mirror served backdoor to devs for 3+ years - Ars Technica
Supply chain attack targets developers using the Go programming language.
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.