lazarusholic

Everyday is lazarus.dayβ

#NPM

Vulnerability/Target

Reports

2026-06-17
Microsoft
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
#Mastra #NPM #SapphireSleet
2026-06-17
SafeDep
Mastra npm Scope Takeover: 143 Packages Drop a RAT
#Mastra #NPM
2026-06-16
ESTSecurity
Chai.js 플러그인으로 위장한 북한발 npm 악성 패키지 'chai-as-init' 분석
#ContagiousInterview #NPM
2026-06-03
Sonatype
Lazarus Group's Latest: Brandjacking Campaign on npm
#NPM #Lazarus
2026-05-28
SafeDep
Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace
#FamousChollima #HuggingFace #NPM
2026-05-22
RedAsgard
A Fake Coding Interview Is an Execution Request: Developer Safety Checklist
#GitHub #Lazarus #NPM #VSCode
2026-05-22
Dshield
Cross-Platform NPM Stealer
#NPM #OtterCookie
2026-05-20
OxSecurity
North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT
#NPM
2026-05-19
OSM
Axios attacker strikes again! Three NPM packages have been hiding in plain sight for two months
#Axios #NPM #UNC1069
2026-05-18
Bridewell
Cyber Threat Intelligence Report 2026
#Trend #Collaboration #NPM
2026-05-14
OSM
How malware abuses npm lifecycle scripts and VS Code tasks
#Axios #NPM #TasksJacker
2026-05-01
Kmsec
North Korea's abuse of Cloudflare Workers and Pages
#FamousChollima #NPM #PylangGhost
2026-04-24
Panther
Inside DPRK's npm malware factory: 108 packages, 261 versions, and a 31-day campaign wave
#BeaverTail #NPM
2026-04-20
USCISA
Supply Chain Compromise Impacts Axios Node Package Manager
#Axios #NPM
2026-04-17
Igloo
Supply Chain Attack on Axios NPM Package via North Korean Threat Actors
#Axios #NPM
2026-04-10
Panther
Polymarket Trader Funds at Risk: DPRK npm Package Steals Wallet Keys and Installs SSH Backdoor
#FamousChollima #NPM
2026-04-09
Kaspersky
The axios attack is an extension of the GhostCall campaign by BlueNoroff
#Axios #BlueNoroff #NPM #GhostCall #SysPhon
2026-04-07
eSentire
Examining the Blast Radius from the Axios npm Supply Chain Compromise
#Axios #NPM #WAVESHAPER
2026-04-07
Panther
Tracking an OtterCookie Infostealer Campaign Across npm
#ContagiousTrader #NPM #OtterCookie
2026-04-07
NKInternet
npm Malware, Fake Devs, and Deepfake Videos: These Are A Few of My Favorite DPRK Things
#ITWorker #NPM #Deepfake
2026-04-06
PolySwarm
The Axios Breach: When npm Trust Becomes an APT Attack Vector
#Axios #NPM #UNC1069
2026-04-04
Resecurity
Supply Chain Malware Alert: plain-crypto-js Compromises Axios Packages
#Axios #NPM
2026-04-04
CyberAndRamen
OtterCookie Expands Targeting to AI Coding Tools
#NPM #OtterCookie
2026-04-03
Panther
jsonspack: Multi-Tenant Node.js RAT â DPRK Supply Chain Campaign
#FamousChollima #NPM
2026-04-03
DCSO
From Axios NPM Supply Chain Attack to Tracking DPRK’s BlueNoroff
#Axios #BlueNoroff #NPM
2026-04-03
CiscoTalos
Axios NPM supply chain incident
#Axios #NPM
2026-04-03
Socket
Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
#Axios #NPM
2026-04-03
NVISO
Axios npm attack: rapid hunting with KQL and response guide
#Axios #NPM
2026-04-02
SafeDep
Malicious npm Package express-session-js Drops Full RAT Payload
#ContagiousInterview #NPM
2026-04-02
Elastic
How we caught the Axios supply chain attack
#Axios #NPM
2026-04-02
Veracode
Breaking Down the Axios Supply Chain Attack
#Axios #NPM
2026-04-02
Socket
Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise
#Axios #NPM
2026-04-02
AxiosHttp
Post Mortem: axios npm supply chain compromise
#Axios #NPM
2026-04-01
Qihoo360
Axios供应链攻击事件再追踪:线索直指Lazarus组织
#Axios #NPM #Lazarus
2026-04-01
Bitdefender
Axios npm Supply Chain Attack - Cross-Platform RAT Deployed via Compromised Maintainer Account
#Axios #NPM
2026-04-01
SecuI
북한 연계 그룹의 AXIOS 공급망 공격
#Axios #NPM
2026-04-01
CybersecSentinel
Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack
#Axios #NPM #UNC1069
2026-04-01
PaloaltoNetworks
Widespread Impact of the Axios Supply Chain Attack
#Axios #NPM
2026-04-01
Socket
The Hidden Blast Radius of the Axios Compromise
#Axios #NPM
2026-04-01
Hunt.io
Breaking Down the Axios Supply Chain Attack: Dropper, Cross-Platform RATs, and BlueNoroff/TA444
#Axios #NPM #TA444 #BlueNoroff
2026-04-01
CrowdStrike
STARDUST CHOLLIMA Likely Compromises Axios npm Package
#Axios #NPM #StardustChollima
2026-04-01
Microsoft
Mitigating the Axios npm supply chain compromise
#Axios #NPM #SapphireSleet
2026-04-01
Elastic
Inside the Axios supply chain compromise - one RAT to rule them all
#Axios #NPM
2026-04-01
Elastic
Elastic releases detections for the Axios supply chain compromise
#Axios #NPM
2026-04-01
Google
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
#Axios #NPM #UNC1069 #WAVESHAPER
2026-03-31
LegitSecurity
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
#Axios #NPM
2026-03-31
PicusSecurity
Axios npm Supply Chain Attack: Cross-Platform RAT Delivery via Compromised Maintainer Credentials
#Axios #NPM
2026-03-31
Wiz
Axios NPM Distribution Compromised in Supply Chain Attack
#Axios #NPM
2026-03-31
TrendMicro
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
#Axios #NPM
2026-03-31
Sophos
Axios npm package compromised to deploy malware
#Axios #NPM
2026-03-31
OxSecurity
Attackers Compromised Axios, NPM Package With Over 100M Weekly Downloads, Rotate Your Keys Now
#Axios #NPM
2026-03-31
InvictusIR
The Poisoned Pipeline: Axios Supply Chain Attack
#Axios #JustJoin #NPM
2026-03-31
Derp
Axios npm compromise: XOR dropper to cross-platform RAT
#Axios #NPM
2026-03-31
SafeDep
axios Compromised: npm Supply Chain Attack via Dependency Injection
#Axios #NPM
2026-03-31
Snyk
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
#Axios #NPM
2026-03-31
N3mes1s
Axios npm Supply Chain Compromise (2026-03-31) — Full RE + Dynamic Analysis + BlueNoroff Attribution
#Axios #BlueNoroff #NPM
2026-03-31
Huntress
Supply Chain Compromise of axios npm Package
#Axios #NPM
2026-03-31
Koi
axios Compromised: A Supply Chain Attack on npm's Most Popular HTTP Client
#Axios #NPM
2026-03-31
SOCRadar
Axios npm Hijack 2026: Everything You Need to Know – IOCs, Impact & Remediation
#Axios #NPM
2026-03-31
Datadog
Compromised axios npm package delivers cross-platform RAT
#Axios #NPM
2026-03-31
ThreatBook
Lazarus Group Poisons Axios: Inside the npm Supply Chain Attack
#Axios #Lazarus #NPM #WAVESHAPER
2026-03-31
Socket
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
#Axios #NPM
2026-03-31
OSM
One of the most popular JavaScript packages on earth Axios has been compromised
#Axios #NPM
2026-03-31
StepSecurity
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
#Axios #NPM
2026-03-30
Aikido
axios compromised on npm: maintainer account hijacked, RAT deployed
#Axios #NPM
2026-03-17
Kmsec
Contagious Trader campaign - Coordinated weaponisation of cryptocurrency trading bots by suspected DPRK malware operators
#ContagiousTrader #FamousChollima #NPM
2026-03-13
Kmsec
First instance of PylangGhost RAT observed on npm
#FamousChollima #PylangGhost #NPM
2026-03-08
OSM
PolinRider: DPRK Threat Actor Implants Malware in Hundreds of GitHub Repos
#BeaverTail #ContagiousInterview #NPM #PolinRider #VSCode #GitHub
2026-03-06
OSM
Popular Development Framework Neutralinojs Compromised In DPRK Attack
#BeaverTail #NPM #Neutralinojs
2026-02-27
Socket
StegaBin: 26 Malicious npm Packages Use Pastebin Steganograp...
#ContagiousInterview #FamousChollima #NPM #Steganography #StegaBin
2026-02-26
Kmsec
Novel DPRK stager using Pastebin and text steganography
#FamousChollima #NPM #Steganography
2026-02-22
Kmsec
Tracking DPRK operator IPs over time
#FamousChollima #NPM
2026-02-21
Kmsec
DPRK tests Google Drive as a malware stager
#FamousChollima #NPM
2026-02-16
Kmsec
Exposed DPRK reference malware and logs
#FamousChollima #NPM
2026-02-15
unpacker
Beyond the Backdoor: How Contagious Interview Is Surgically Tampering with MetaMask Wallets
#BeaverTail #ContagiousInterview #InvisibleFerret #NPM
2026-02-13
Kmsec
VMWare artifacts left by a FAMOUS CHOLLIMA operator
#FamousChollima #NPM
2026-02-11
ReversingLabs
Fake recruiter campaign targets crypto developers with RAT
#Graphalgo #Lazarus #NPM
2025-11-26
Socket
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks
#ContagiousInterview #NPM #OtterCookie
2025-11-20
Jfrog
New Crypto Stealer on npm. A Two-Part Attack
#NPM
2025-10-21
KL4R10N
Beyond eval(): DPRK’s New Malware Strategy Hidden in Job Assignments
#ContagiousInterview #NPM
2025-10-10
Socket
North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads
#ContagiousInterview #NPM
2025-10-06
BlackpointCyber
Malicious Node Package Deploys OtterCookie
#NPM #OtterCookie
2025-08-12
Slowmist
Uncovering a Web3 Interview Scam
#NPM
2025-07-31
Veracode
North Korean Crypto Stealing Campaign Rears Its Head Again
#BeaverTail #NPM
2025-07-31
Sonatype
How North Korea-Backed Lazarus Group Is Weaponizing Open Source to Target Developers
#Lazarus #NPM #PyPI
2025-07-28
Wiz
TraderTraitor: Deep Dive
#Bybit #DMM #JumpCloud #NPM #TraderTraitor
2025-07-15
Socket
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
#ContagiousInterview #NPM #XORIndex
2025-06-25
Socket
Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
#BeaverTail #ContagiousInterview #HexEval #NPM
2025-06-18
Ketman
DPRK IT Worker-Related Account Takeover
#ITWorker #NPM
2025-06-12
Aikido
Malicious crypto-theft package targets Web3 developers in North Korean operation
#NPM
2025-04-29
Censys
Inside North Korea’s Cyber Ops with Silas Cutler
#BeaverTail #NPM #Youtube
2025-04-09
Veracode
Resurgent North Korean Malware Campaign in npm
#Lazarus #NPM
2025-04-04
Socket
Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
#BeaverTail #ContagiousInterview #Lazarus #NPM
2025-03-17
Logpresso
북한 라자루스(Lazarus) 그룹이 배포한 악성 npm 패키지 감염 사례
#Lazarus #NPM
2025-03-10
Socket
Lazarus Strikes npm Again with New Wave of Malicious Package
#Lazarus #NPM
2025-02-13
SecurityScorecard
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks
#Lazarus #MarstechMayhem #NPM
2025-01-29
Socket
North Korean APT Lazarus Targets Developers with Malicious npm Package
#Lazarus #NPM
2024-10-17
eSentire
Bored BeaverTail Yacht Club – A Lazarus Lure
#BeaverTail #InvisibleFerret #NPM
2024-08-29
Phylum
North Korea Still Attacking Developers via npm
#ContagiousInterview #MoonstoneSleet #NPM
2024-08-26
PolySwarm
DevPopper Campaign Targets Software Developers
#NPM #DevPopper
2024-08-24
Hackhunting
Software Supply Chain Threat Landscape July 2024: PyPI, NPM, GitHub and macOS
#NPM #PyPI
2024-08-07
Checkmarx
A Year-Long Campaign of North Korean Actors Targeting Developers via Malicious npm Packages
#NPM
2024-08-01
Datadog
Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access
#NPM #StressedPungsan
2024-07-31
Securonix
Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering
#DevPopper #NPM
2024-07-24
Stacklok
North Korean State Actors Exploit Open Source Supply Chain via Malicious npm Package
#NPM
2024-07-08
Phylum
New Tactics from a Familiar Threat
#NPM
2024-06-13
Checkmarx
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
#JadeSleet #NPM #MoonstoneSleet
2024-05-28
Microsoft
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
#NPM #ITWorker #MoonstoneSleet #FakePenny #Storm-1789 #PuTTY #Storm-1877 #DeTankWar #DeFiTankLand
2024-05-09
Kaspersky
APT trends report Q1 2024
#Trend #NPM #Andariel #ThreatNeedle #Kimsuky #AppleSeed #Durian
2024-04-25
Securonix
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
#NPM #DevPopper
2024-04-24
Phylum
Nation-State Threat Actors Renew Publications to npm
#NPM #macOS
2024-04-03
Norfolk
North Korea’s Post-Infection Python Payloads
#LabyrinthChollima #NPM
2024-02-20
Phylum
Fake Developer Jobs Laced With Malware
#NPM
2024-01-05
Phylum
Update to November’s Crypto-Themed npm Attack
#SupplyChain #NPM
2023-12-12
Checkmarx
How North Korea is Compromising Supply Chains
#SupplyChain #NPM
2023-12-08
Qianxin
疑似Lazarus(APT-Q-1)涉及npm包供应链的攻击样本分析
#NPM #APT-Q-1
2023-11-21
PaloaltoNetworks
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
#InvisibleFerret #ContagiousInterview #Wagemole #BeaverTail #NPM
2023-11-04
Phylum
Crypto-Themed npm Packages Found Delivering Stealthy Malware
#SupplyChain #NPM
2023-08-02
Checkmarx
Lazarus Group Launches First Open Source Supply Chain Attacks Targeting Crypto Sector
#NPM #JadeSleet
2023-07-27
ReversingLabs
More malicious npm packages found in wake of JumpCloud supply chain hack
#JumpCloud #NPM
2023-07-22
Phylum
June’s Sophisticated npm Attack Attributed to North Korea
#NPM
2023-07-20
SentinelOne
JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
#JumpCloud #NPM
2023-07-18
Tay
Security alert: social engineering campaign targets technology industry employees
#JadeSleet #NPM
2023-07-06
ReversingLabs
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
#Brainleeches #NPM
2023-06-23
Phylum
Phylum Discovers Sophisticated Ongoing Attack on NPM
#NPM