Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry’s users.
« These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package, » Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared
