OpenSSF and OpenJS warn about social-engineering attacks

Date:
Mon, 15 Apr 2024 16:48:17 +0000

Description:
The Open Source Security Foundation and the OpenJS Foundation have jointly posted a
warning about XZ-like social-engineering attacks after OpenJS was
seemingly targeted. The OpenJS Foundation Cross Project Council received a suspicious
series of emails with similar messages, bearing different names and
overlapping GitHub-associated emails. These emails implored OpenJS
to take action to update one of its popular JavaScript projects to
"address any critical vulnerabilities," yet cited no specifics. The
email author(s) wanted OpenJS to designate them as a new maintainer
of the project despite having little prior involvement.

======================================================================
Link to news story:
https://lwn.net/Articles/969919/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)