Tag: Lazarus Group

threat modeling, threat, security, secure design, threat modeling, supply chain Codenotary insider threats

Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users

Jeff Burt | April 6, 2026 | credentials, cryptocurrency, docker containers, Guardarian, kubernetes, Lazarus Group, npm malware, Python, Redis, SafeDep, Secrets, Shai-Hulud, software supply chain attacks, sonatype, Strapi

The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CMS plugins but deliver ...

AI-based, software development, ai, code generation, repositories, GitHub, Arm, extension, GitHub, Copilot, Git, bloat, malicious, GitLab, memory-safe, CISA, agency, Skillsoft GitHub GitKraken code QA

North Korea’s Lazarus Group Targets Developers, Supply Chain

Jeff Burt | February 17, 2025 | github, Lazarus Group, North Korea, NPM, Software Supply Chain

North Korea’s notorious Lazarus Group is using an advanced malicious implant to target cryptocurrency wallets and spreading it via legitimate GitHub profile and possibly through npm packages. The ongoing campaign, dubbed Operation Marstech ...