Fake password manager coding test used to hack Python developers

September 11, 2024 at 05:12PM North Korean hacker group Lazarus is using a phishing campaign to target Python developers, posing as recruiters and luring them with coding test projects for password management products containing malware. The VMConnect campaign was detected in 2023, and ReversingLabs reports that the malicious projects are hosted on GitHub. Job candidates … Read more

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

March 25, 2024 at 08:51AM Unidentified adversaries executed a sophisticated supply chain attack targeting individual developers and Top.gg’s GitHub organization account. The attack involved multiple tactics, including account takeover and malicious code insertion. It led to theft of sensitive data and distribution of trojanized software packages. The incident underscores the need for vigilance and thorough … Read more