Social engineering against open source maintainers: a defense guide
Open source project maintainers have become priority targets for state-sponsored actors like UNC1069. This guide breaks down the tactics used and the concrete defenses maintainers can implement to protect their npm and PyPI accounts and their publishing credentials.