Security News

Python Developers Targeted with Malware During Fake Job Interviews
2024-09-17 11:02

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from...

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
2024-09-12 04:57

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The...

Fake password manager coding test used to hack Python developers
2024-09-11 21:09

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...]

WordPress.org to require 2FA for plugin developers by October
2024-09-11 17:33

Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. [...]

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
2024-09-11 09:46

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub...

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
2024-09-06 15:03

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically...

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers’ Systems
2024-09-02 03:36

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in...

North Korean Hackers Target Developers with Malicious npm Packages
2024-08-30 06:25

Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating "coordinated and relentless" efforts to target developers with...

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform
2024-08-01 13:32

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. The packages have been collectively downloaded 2,082 times.

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS
2024-07-31 13:08

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. DEV#POPPER is the moniker assigned to an active malware campaign that tricks software developers into downloading booby-trapped software hosted on GitHub under the guise of a job interview.