Subj : OpenSSF and OpenJS warn about social-engineering attacks
To   : All
From : LWN.net
Date : Mon Apr 15 2024 18:00:06

OpenSSF and OpenJS warn about social-engineering attacks

Date:
Mon, 15 Apr 2024 16:48:17 +0000

Description:
The Open Source Security Foundation and the OpenJS Foundation have jointly
posted a
warning about XZ-like social-engineering attacks after OpenJS was
seemingly targeted. The OpenJS Foundation Cross Project Council received a 
suspicious
	series of emails with similar messages, bearing different names and
	overlapping GitHub-associated emails. These emails implored OpenJS
	to take action to update one of its popular JavaScript projects to
	"address any critical vulnerabilities," yet cited no specifics. The
	email author(s) wanted OpenJS to designate them as a new maintainer
	of the project despite having little prior involvement.

======================================================================
Link to news story:
https://lwn.net/Articles/969919/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.