The attacker breached their web server and injected a script in the checkout page that recorded credit cards. Anyone who entered their credit card info on oneplus.net between November 2017 and January 11, 2018 may be affected.
It seems to be a very sophisticated malware-for-hire distribution, active since 2012 and used, this time, by the Lebanese government. Which was found out because of sloppy security work on their own part, funnily enough. The full 51-page report is a nice read too.
It doesn't affect all Electron apps, only Windows-based ones that register themselves to handle custom protocol formats like myapp://. Update when needed though. Windows Defender has also been updated to detect exploit attempts.
The only way to recover is restoring your phone to factory settings. Updates for both platforms are underway.
It's still a bit rough around the edges, like you can't select 'Remember device', for example. But good news nonetheless.
It's a graduate of Google's (Alphabet's) X program. It aims to detect hacking attempts much sooner, before the real damage is done.
A long but amazing blogpost, taking its time to explain Spectre and Meltdown properly.
An well written bit of research on how attackers can still get your IP address, even when you're behind Cloudflare (so you can still be attacked directly without Cloudflare protecting you)
Nice succinct list of various types of DDoS attacks that happen today, with a short explanation.