OpenSSF and OpenJS warn about social-engineering attacks
The Open Source Security Foundation and the OpenJS Foundation have jointlyposted awarning about XZ-like social-engineering attacks after OpenJS wasseemingly targeted.
The OpenJS Foundation Cross Project Council received a suspiciousseries of emails with similar messages, bearing different names andoverlapping GitHub-associated emails. These emails implored OpenJSto take action to update one of its popular JavaScript projects to"address any critical vulnerabilities," yet cited no specifics. Theemail author(s) wanted OpenJS to designate them as a new maintainerof the project despite having little prior involvement.