Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching

The mechanism was reported last year: <a href="https:&#x2F;&#x2F;github.com&#x2F;golang&#x2F;go&#x2F;issues&#x2F;66653">https:&#x2F;&#x2F;github.com&#x2F;golang&#x2F;go&#x2F;issues&#x2F;66653</a> but not acted on.