
Attackers invite targets to collaborate on a project, convincing them to download and run a repository with malicious npm dependencies.

github.blog Security alert: social engineering campaign targets technology industry employees - The GitHub Blog

GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.



13 comments
  • There goes the argument of non-technical users falling for scams. The tables have turned!

    I do wonder if this would be negated by containerized applications.
