here’s the link to the source information of that article. Read it in full. https://openjsf.org/blog/openssf-openjs-alert-social-engineering-takeovers
read the full article. there it’s mentioned that there were similar attempts on popular OpenJS projects. “The emails were sent from different names, all with GitHub-associated email addresses, and were constructed around the same theme. The suspected attackers were trying to get themselves added as project maintainers to “address any critical vulnerabilities” but didn’t provide details on these vulnerabilities, which raises suspicion.”
Great work. 👍