Open Source Foundations Raise Alarm Over Ongoing Social Engineering Attacks
Following the discovery of a backdoor in XZ Utils, open-source leaders warn of similar attacks targeting other projects.
- Recent discovery of a backdoor in XZ Utils, a core Linux library, raises concerns over similar vulnerabilities in other open-source projects.
- OpenJS and Open Source Security Foundations urge maintainers to be vigilant against social engineering tactics aimed at gaining administrative access.
- Suspicious patterns identified in email communications to the OpenJS Foundation, suggesting ongoing attempts to infiltrate other projects.
- Experts emphasize the vulnerability of underfunded open-source projects to social engineering due to high trust and low resources.
- Calls for increased public and private investment in open-source security to protect essential digital infrastructure.