Warning to open source maintainers: the Axios supply chain attack started with some
very sophisticated social engineering targeted at one of their developers https://simonwillison.net/2026/Apr/3/supply-chain-social-engineering/
The Axios supply chain attack used individually targeted social engineering

The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

Simon Willison’s Weblog
@simon With the web tech we have available, it's a shame people have to install stuff just to join a meeting.
@teleclimber @simon Yes, but I think in part it's not tech but the context. If you were offered a chance at a dream job or whatever, you might overlook some inconvenience (joining a call using unsafe software) in order to participate. With AI I think it's easier to mimic the context.

@simon: This may be a very effective scam, but it is not sophisticated - it is "good old" social engineering. No excuses.

Do not update or install software by clicking on something that pops up telling you to do so. Visit the manufacturer's website instead.

If your "bank" calls you and tells you that your savings will get stolen if you don't immediately and exactly do as they say: hang up. Call your bank on their well-known phone number and ask what is going on.

Don't just trust anyone or anything out of the blue. It's way too easy to spoof identities online. Take back control.

@0f4d0335 @teleclimber

#Phishing #Spoofing #Malware #RAT