Aqua Security says a PowerShell issue can allow attacks in which malicious packages are registered under names similar to those of existing popular packages, catching developers who make mistakes. Researchers are ...
Microsoft's PowerShell Gallery presents a software supply chain risk because of its relatively weak protections against attackers who want to upload malicious packages to the online repository, ...
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for ...
For the longest time, the open source community had a ubiquitous concept called "public package repositories." Using utilities such as rpm, yum et al. is commonplace, but Microsoft never had the same ...
WingetUI's newest release brings multiple usability improvements in several areas, including installing, updating, and exporting packages. PowerShell Gallery support is here too.