TECH NEWS

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

A new npm campaign linked to North Korea’s Lazarus Group shows how attackers are using familiar-looking package names to gain access to developers’ systems and software build environments.

Sonatype Security Research said it is tracking dozens of malicious npm packages connected to the campaign, including some that reached up to 500 weekly downloads. The packages were designed to look related to trusted JavaScript projects and tools, increasing the chance that developers would install them during normal work.

More Than npm Typosquatting

Usually, hackers exploit techniques like typosquatting in such attacks; however, in this case, Sonatype found packages using brandjacking methods such as suffix additions, embedded project names, and version mimicry. Some of the examples spotted by researchers included names built around well known projects such as Buffer, Chai, React, Express, JWT, and Webpack.

That naming strategy is more likely to work in favor of attackers because npm is full...

Copyright of this story solely belongs to hackread.com. To see the full text click HERE

https://platform.theverge.com/wp-content/uploads/sites/2/2026/06/268589_Vitual_staging_AParkin.jpg?quality=90&strip=all&crop=0%2C10.732984293194%2C100%2C78.534031413613&w=1200

Real estate professionals are increasingly using AI-powered virtual staging tools like Stuccco and BoxBrownie to create misleading house and apartment listings

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Accelerate AI Adoption at F5's AI Virtual Summit — Learn how to architect, secure, and scale

https://techcrunch.com/wp-content/uploads/2026/06/Robot-hand.png?resize=1200,800

The running list: major tech layoffs in 2026 where employers cited AI

Oracle disclosed Monday that it has reduced its workforce by 21,000 employees over the past 12 months, a decline of 13%, which means more cuts than was previously known, including jobs eliminated because of AI. “The adoption and deployment of AI technologies across our operations have resulted, and may

https://www.zdnet.com/a/img/resize/f119f57c6eb603f38ff051ee474c3c877112287c/2024/02/20/fb245ded-ddd2-4d9a-8fbc-c4be0e5d8601/echo-hub5.jpg?auto=webp&fit=crop&height=675&width=1200

This tablet solved my biggest smart home problem - and it just hit an all-time low price

Follow ZDNET: Add us as a preferred source on Google. The Amazon Echo Hub smart display is on sale for only $110, down by 39% from its original price of $180, thanks to a Prime Day deal. Instead of toggling between a bunch of different smart home apps on your

https://www.zdnet.com/a/img/resize/26b2b77c2dd6c27fc306cdc629172696bd02be2b/2025/12/12/31ed373b-1c80-4740-ac1e-6ea551b5be2a/img-4755.jpg?auto=webp&fit=crop&height=675&width=1200

This 4TB Samsung external SSD is the last one you'll ever need - and it's 32% off

Follow ZDNET: Add us as a preferred source on Google. Need external storage? Samsung's T9 portable SSD has 4 terabytes of space for $790, that's 32% off the regular price of $1,144 (or $350 off). With the exorbitant cost of memory right now, this is

More Than npm Typosquatting

Read more

Real estate professionals are increasingly using AI-powered virtual staging tools like Stuccco and BoxBrownie to create misleading house and apartment listings

The running list: major tech layoffs in 2026 where employers cited AI

This tablet solved my biggest smart home problem - and it just hit an all-time low price

This 4TB Samsung external SSD is the last one you'll ever need - and it's 32% off