Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain ...

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality ...

Google’s Threat Intelligence Group has linked North Korean hackers to EtherHiding, blockchain malware previously used by ...

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with ...

Google reports North Korean hackers using EtherHiding to embed adaptive malware in blockchain smart contracts.

The North Korean threat actor behind the Contagious Interview campaign has started combining features from two of its malware ...

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...

A malware that steals credentials and cryptocurrencies uses Unicode for invisible code and installs a remote access trojan.

Open source malware as we know it, is malicious code hidden within software packages shared publicly on platforms like ...

A Sonatype report reveals a sharp rise in sophisticated attacks hiding in trusted code libraries, with data theft becoming ...

North Korea npm Malware Campaign targets Web3 developers via malicious code on npm, stealing credentials & crypto, exposing ...