GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
Linux distros typically use a key signing party to help shore up their security concerns, but I wonder how github would go about implementing something like that.
Linux distros typically use a key signing party to help shore up their security concerns, but I wonder how github would go about implementing something like that.