"New Open-Source Project Takeover Attacks Spotted, Stymied"

The OpenJS Foundation has thwarted a "credible takeover attempt" similar to the one that resulted in a backdoor being put in the open source XZ Utils package by someone called "Jia Tan." That malicious maintainer gained the position through a successful long-term social engineering campaign in which Lasse Collin, the XZ Utils project's author and primary maintainer, was convinced to share the duty of keeping the project running smoothly. According to OpenJS Foundation and Open Source Security (OSS) Foundation leaders, the OpenJS Foundation Cross Project Council received suspicious emails with similar messages, bearing different names and overlapping GitHub-associated emails. This article continues to discuss the new open source project takeover attacks.

Help Net Security reports "New Open-Source Project Takeover Attacks Spotted, Stymied"

Submitted by grigby1

Submitted by Gregory Rigby on