AttackFeed by Joe Wagner | Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  - The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  – The Hacker News

Posted on By [email protected] (The Hacker News)
Attack Feeds

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025.
”  –

Read More  – The Hacker News 

You may also like

AttackFeed by Joe Wagner | Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab  - Krebs on Security
Attack Feeds
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab  – Krebs on Security
April 5, 2026
AttackFeed by Joe Wagner | ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More  - The Hacker News
Attack Feeds
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More  – The Hacker News
March 16, 2026
AttackFeed by Joe Wagner | ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware  - The Hacker News
Attack Feeds
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware  – The Hacker News
March 9, 2026
AttackFeed by Joe Wagner | Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception  - The Hacker News
Attack Feeds
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception  – The Hacker News
March 26, 2026