GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
This is why my work will only use enterprise supported distros like RHEL. We don’t have the manpower to stay on top of every single package update to ensure they’re absolutely safe.