‘Water Curse’ Targets Infosec Pros Via Poisoned GitHub Repositories

The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.