North Korean threat actors linked to the Contagious Interview campaign have published 108 unique malicious packages and browser extensions across npm, Packagist,…
Cybersecurity researchers have uncovered two malicious campaigns linked to North Korean threat actors, exploiting developer tools like Microsoft Visual Studio Code (VS…
Cybersecurity researchers at JFrog have uncovered a set of malicious npm packages that masquerade as legitimate PostCSS tools to deliver a Windows-based…
A campaign first flagged in March 2026 involving malicious obfuscated JavaScript payloads in hundreds of GitHub repositories. It has compromised over 1,900…
A known JavaScript malware associated with the Contagious Interview campaign. Delivered via malicious packages and extensions, it searches for configuration files and…