Attackers tried to take over the JavaScript project from the OpenJS Foundation, which is home to JavaScript projects utilized by billions of websites globally.
This is similar to the recently disclosed incident that targeted the open-source XZ Utils, tracked as CVE-2024-3094.
The XZ Utils software supply chain breach was the outcome of a highly skilled social engineering operation in which the attacker gained the trust of the project's maintainer over several years by making valid code contributions.
https://cybersecuritynews.com/hackers-o ... t-project/