TechCrunch says the March 31 Axios npm compromise was the result of a weeks-long North Korean social-engineering campaign against maintainer Jason Saayman, underscoring how high-value open source maintainers are being targeted to reach downstream users at scale.
North Korea's hijack of one of the web's most used open source projects was likely weeks in the making
TechCrunch says the March 31 Axios npm compromise was the result of a weeks-long North Korean social-engineering campaign against maintainer Jason Saayman, underscoring how high-value open source maintainers are being targeted to reach downstream users at scale.
Source: Techcrunch