Microsoft’s PowerShell Gallery presents a software supply chain risk because of its relatively weak protections against attackers who want to upload malicious packages to the online repository, according to researchers at Aqua Nautilus. They recently tested the repository’s policies regarding package names and owners and found that a threat actor could easily abuse them to spoof legitimate packages and make it hard for users to identify the true owner of a package.
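One defensive check that follows from this finding, added here as an example and not part of the article or the Aqua Nautilus research: because the Author and CompanyName shown for a Gallery package are free text from the uploader's manifest, treat a valid Authenticode signature from the publisher you expect as the trust anchor rather than those strings. `$ModuleName` and `$ExpectedSigner` are placeholders to set for your own environment; the cmdlets are the standard PowerShellGet and Authenticode ones.

```powershell
# Added example (not from the Dark Reading article or Aqua Nautilus research).
# Fetch a PowerShell Gallery module without installing it and decide trust from
# its Authenticode signature, not from the uploader-controlled metadata.
# Assumptions: PowerShellGet (Find-Module/Save-Module) and Get-AuthenticodeSignature;
# $ModuleName and $ExpectedSigner are placeholders for your environment.
param(
    [Parameter(Mandatory)] [string] $ModuleName,
    # Subject DN (or a distinctive part of it) of the signing certificate you expect,
    # e.g. 'CN=Microsoft Corporation'
    [Parameter(Mandatory)] [string] $ExpectedSigner
)

$pkg = Find-Module -Name $ModuleName -Repository PSGallery -ErrorAction Stop

# These fields are copied from the uploaded manifest: informative, not authoritative.
Write-Host "Gallery metadata: Name=$($pkg.Name) Version=$($pkg.Version) Author='$($pkg.Author)' Company='$($pkg.CompanyName)'"

# Save the package to a scratch directory so nothing is imported or installed yet.
$tmp = Join-Path ([IO.Path]::GetTempPath()) ("psg-check-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
Save-Module -Name $ModuleName -RequiredVersion $pkg.Version -Path $tmp -Repository PSGallery -ErrorAction Stop

# Check every code-bearing file: unsigned, invalid, or signed by someone else all fail.
$files = Get-ChildItem -Path $tmp -Recurse -Include *.psd1, *.psm1, *.ps1, *.dll
$bad = @()
foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    if ($sig.Status -ne 'Valid' -or $subject -notlike "*$ExpectedSigner*") {
        $bad += [pscustomobject]@{ File = $f.FullName; Status = $sig.Status; Signer = $subject }
    }
}

if ($bad.Count -eq 0) {
    Write-Host "OK: every module file carries a valid Authenticode signature matching '$ExpectedSigner'."
} else {
    Write-Warning "Do not install '$ModuleName' $($pkg.Version): signature check failed on $($bad.Count) file(s)."
    $bad | Format-Table -AutoSize
}

Remove-Item -Recurse -Force $tmp
```

A module that is legitimately unsigned will fail this check too; in that case pin the exact version and hash you reviewed rather than falling back to the Author field.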
Source: Dark Reading: Cloud