securityonline.info 5/25/2026, 10:32:26 AM · external

Poisoned Code: Stealthy Malicious Go Module Backdoor Discovered in Long-Running Typosquat

CyberSIXT Evidence Panel
Primary Source: socket.dev
CISA KEV: Listed in KEV
Patch: Patch Status Unknown

The content discusses a serious vulnerability (CVE-2026-9082) affecting the Drupal Core due to a malicious Go module backdoor discovered by Socket's Threat Research Team. The attack used a supply chain tactic: a rogue package named `github.com/shopsprint/decimal` was created as a typosquat of the legitimate library `github.com/shopspring/decimal`, leading to the potential for remote code execution (RCE) once imported by developers.

This malicious version evaded security detection by masquerading as benign for nearly six years before being weaponized in August 2023. The backdoor initiates DNS TXT lookups, allowing attackers to execute arbitrary code remotely, thereby posing a severe threat to enterprise security. Following the disclosure, the Go security team removed the compromised module from the proxy server, and administrators are urged to check for and replace compromised dependencies.
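One way to run the dependency check urged above, as an added example that is not code from Socket, the Go team or the original article: it flags any token in go.mod or go.sum text that sits within two edits of the legitimate path without being equal to it, which catches the `shopsprint` typosquat and goes beyond it to other near misses. The two-edit threshold, the `Scan` and `editDistance` names and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const trusted = "github.com/shopspring/decimal" // legitimate module path named in the article
// Constructed go.mod lines: versions are placeholders, "decimel" is a made-up near miss.
const sampleGoMod = "require github.com/shopsprint/decimal v0.0.0\n" +
	"require github.com/shopspring/decimal v0.0.0\n" +
	"require github.com/shopspring/decimel v0.0.0\n"

// editDistance returns the byte-wise Levenshtein distance between a and b.
func editDistance(a, b string) int {
	prev := make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur := []int{i}
		for j := 1; j <= len(b); j++ {
			c := prev[j-1] // substitution, free when the bytes match
			if a[i-1] != b[j-1] {
				c++
			}
			for _, alt := range []int{prev[j] + 1, cur[j-1] + 1} { // deletion, insertion
				if alt < c {
					c = alt
				}
			}
			cur = append(cur, c)
		}
		prev = cur
	}
	return prev[len(b)]
}

// Scan returns go.mod or go.sum tokens within 2 edits of the trusted path but not equal to it.
func Scan(text string) (out []string) {
	for _, f := range strings.Fields(text) {
		if d := editDistance(f, trusted); d > 0 && d <= 2 {
			out = append(out, f)
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(Scan(sampleGoMod), "\n")) }
```

Feed it the contents of both go.mod and go.sum, since a typosquat pulled in transitively may appear only in go.sum.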


Article by CyberSIXT
