Bleeping Computer

Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks

Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for ...
Dark Reading

PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks

Microsoft's PowerShell Gallery presents a software supply chain risk because of its relatively weak protections against attackers who want to upload malicious packages to the online repository, ...
CSOonline

Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks

Aqua Security says PowerShell issue can allow attacks involving registration of malicious packages with names similar to existing popular package names when developers make mistakes. Researchers are ...