

Shameless copy/paste of the main info if anyone wants to catch a glimpse without going to Reddit:
Summary of events:
On 5 March 2026, a Wikimedia Foundation employee accidentally imported a malicious script to his account on Meta-Wiki while testing global API limits for user scripts (see his global.js page history). The malicious script was created in 2023 to attack two Russian-language alternative wiki projects, Wikireality and Cyclopedia. In 2024, user Ololoshka562 created a page on the Russian Wikipedia containing the script used in these attacks. The script, which had been sitting dormant on ruwiki for 1.5 years, then spread to several accounts on Meta, including WMFOffice, and mass-deleted pages in namespaces 0–3, leaving behind an edit summary of “Закрываем проект”, Russian for “Closing the project”. The staff member, as a global interface administrator, has permission to edit meta:MediaWiki:Common.js, which allowed the script to infect any user who visited Meta-Wiki while it was active. To prevent the script from spreading further, all Wikimedia projects were set to read-only for about 2 hours, and all user JavaScript was temporarily disabled.
Post from WMF staff member on Discord:
Hey all - as some of you have seen, we (WMF) were doing a security review of the behavior of user scripts, and unintentionally activated one that turned out to be malicious. That is what caused the page deletions you saw on the Meta log, which are getting cleaned up. We have no reason to believe any third-party entity was actively attacking us today, or that any permanent damage occurred or any breach of personal information.
We were doing this security review as part of an effort to limit the risks of exactly this kind of attack. The irony of us triggering this script while doing so is not lost on us, and we are sorry about the disruption. But the risks in this system are real. We are going to continue working on security protections for user scripts – in close consultation with the community, of course – to make this sort of thing much harder to happen in the future.

I have no deep knowledge of this, but I guess there is a difference between sponsoring and owning. A lot of big FOSS projects do indeed have corporate donations, but I think for the most part corporate cannot force them to do things (the only exception I know of being the deal between Mozilla and Google). Of course, they can threaten to cut funding, but I think it isn't a real problem (for now) for various reasons: the Linux ecosystem is still niche enough to be uninteresting for big corpos, donations help projects get better quicker but you can always fork them and come back to more humble progression if needed (not 100% sure, I'm not very tech literate, but that’s a feeling I get), and I guess the FOSS ecosystem also provides big corpos with talented people and occasionally interesting pieces of software, so they have a bit of interest in keeping it alive.
If you want to go towards the least corporate options, you can try the most niche Linux options. Linux Mint is based on Ubuntu, made by the enterprise Canonical, which has a somewhat bad reputation in the Linux corporation, for being a bit too centralized I guess? I use it as it is perfect for a not skilled user like me, but if you want to be independent of tech companies, maybe that’s not the perfect choice.