North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

For those unfamiliar with Operation Dream Job, it is an ongoing campaign created by North Korean state-sponsored hackers.
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...

JFrog: A Mission-Critical Platform Driving Strong Unit Economics

Baron Discovery Fund highlights a new position in JFrog Ltd. as a leader in binary management. Read the Q4 2025 report for ...

How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...
CSO Online

Shai-Hulud & Co.: The software supply chain as Achilles’ heel

The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.
Microsoft

Case study: Securing AI application supply chains

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...
Security Boulevard

Exploited React2Shell Flaw By LLM-generated Malware Foreshadows Shift in Threat Landscape

Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question.

From Prototype To Platform: What Coding With AI Taught Me About The Future Of Work

After building an AI prototype in six hours, John Winsor turned it into a full platform in two weeks—showing how AI is ...
The Hacker News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.
Security Boulevard

Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...