The recent attack on the XZ Utils supply chain was not an isolated incident, but rather part of a larger social engineering campaign that sought to compromise numerous JavaScript projects, experts have warned.

In a joint blog post, the Open Source Security Foundation (OpenSSF) and the OpenJS Foundation said that the OpenJS Foundation Cross Project Council received “a suspicious series of emails”, all similar to one another and mentioning similar GitHub-associated email addresses.
