All news with #go tag
Tue, December 9, 2025
Malicious VS Code Extensions and Supply‑Chain Packages
🔒 Security researchers uncovered malicious extensions on the Microsoft Visual Studio Code Marketplace that delivered stealer malware while posing as a dark theme and an AI assistant. Koi Security reported the extensions downloaded additional payloads, captured screenshots, and siphoned emails, Slack messages, Wi‑Fi passwords, clipboard contents and browser sessions to attacker servers. Microsoft removed the packages in early December 2025 after investigators linked them to a publisher using multiple similarly named packages.
Fri, October 31, 2025
Go clients, HTTP/2 PING floods, and ENHANCE_YOUR_CALM
🔍 This post investigates why Cloudflare returned ENHANCE_YOUR_CALM for internal HTTP/2 traffic and traces the issue to an easy-to-make mistake in Go client code. Closing a response without fully reading its body caused the Go HTTP/2 library to emit RST_STREAM and PING frames in quick succession, triggering PING-flood mitigations. The fix: always drain response bodies (for example, io.Copy(io.Discard, resp.Body)) before calling Close().
Wed, October 8, 2025
How Cloudflare Found and Fixed a Bug in Go's ARM64 Compiler
🔍 Cloudflare engineers describe discovering a rare race condition in the Go arm64 compiler that caused goroutine stack-unwinding crashes in production. They traced sporadic fatal panics and segfaults to async preemption interrupting a split stack-pointer adjustment, leaving an invalid stack frame. A minimal reproducer showed the assembler could split a large ADD into multiple instructions, creating a one-instruction window where preemption caused unwinder corruption. The issue was fixed upstream in go1.23.12, go1.24.6, and go1.25.0.
Tue, September 23, 2025
ShadowV2 Botnet Targets Misconfigured AWS Docker Containers
⚠️ Researchers at Darktrace disclosed ShadowV2, a DDoS-focused botnet that exploits misconfigured Docker daemons on AWS EC2 instances to deploy a Go-based RAT and enlist hosts as attack nodes. The campaign uses a Python spreader to spawn an Ubuntu setup container, build a custom image, and run an ELF payload that checks in with a Codespaces-hosted C2. Operators leverage HTTP/2 Rapid Reset floods, a Cloudflare UAM bypass via ChromeDP, and a FastAPI/Pydantic operator API, signaling a modular DDoS-for-hire service.