Uploading malicious code to npm is just a setup. The real attack most likely happens elsewhere - on LinkedIn, Telegram, or ...

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new ...

North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm ...

Socket has identified a new malware loader called XORIndex incorporated into malicious packages published to the npm registry ...

North Korean hackers continue attacking open-source software via npm packages. 67 new malicious packages with XORIndex Loader ...

US Department of Justice uncovers North Korean IT workers using false identities to infiltrate American companies, including ...

Federal authorities uncover North Korean schemes using remote IT workers with false identities to defraud U.S. companies, ...

Keith Shaw: The North Korean IT job scandal has shaken a lot of companies’ hiring practices to the core—exposing poor processes and revealing serious data security vulnerabilities.

The IT worker scheme, also tracked as Nickel Tapestry, Wagemole, and UNC5267, involves North Korean actors using a mix of ...

Researchers warn that recent attack campaigns against Web3 and crypto startups by a North Korean APT group have leveraged a ...

Korea Songkwang Trading General Corporation received designation under Executive Order 13810 as North Korean persons. Korea Saenal Trading Corporation also faces sanctions for engaging in commercial ...

The Justice Department, in a series of indictments, has laid out the use of front companies as a way to further the North Korean IT worker scheme.