AttackFeed by Joe Wagner | Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  - The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  – The Hacker News

Posted on By [email protected] (The Hacker News)
Attack Feeds

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025.
”  –

Read More  – The Hacker News 

You may also like

AttackFeed by Joe Wagner | Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover  - The Hacker News
Attack Feeds
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover  – The Hacker News
April 28, 2026
AttackFeed by Joe Wagner | Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users  - The Hacker News
Attack Feeds
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users  – The Hacker News
February 19, 2026
AttackFeed by Joe Wagner | Vercel’s security breach started with malware disguised as Roblox cheats  - CyberScoop
Attack Feeds
Vercel’s security breach started with malware disguised as Roblox cheats  – CyberScoop
April 20, 2026
AttackFeed by Joe Wagner | Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools  - Hackread – Cybersecurity News, Data Breaches, AI and More
Attack Feeds
Fake Word Phishing Reveals Enterprise Blind Spot in Trusted Remote Access Tools  – Hackread – Cybersecurity News, Data Breaches, AI and More
May 20, 2026