TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

By rooter

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

rooter
Cyber Security

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

rooter
Cyber Security

Smart Digital Moves for a Borderless Financial Life

rooter

Leave a Reply

You Missed

News

It took two years, but Google released a YouTube app on Vision Pro

News

Attackers prompted Gemini over 100,000 times while trying to clone it, Google says

News

Bringing the “functionally extinct” American chestnut back from the dead

News

Unique structure of elephant whiskers give them built-in sensing “intelligence”