cybersecurity

Lazarus Group's Latest: Brandjacking Campaign on npm

Published: June 3, 2026 Source: sonatype.com 1 min read

You are reading a summary. The full content is hosted on sonatype.com.

Sonatype reports a Lazarus Group npm campaign using dozens of malicious, brandjacking packages that mimic trusted ecosystems to deliver follow-on payloads. Analysis of buffer-utilities shows a dropper that fetches and executes remote code and can establish persistent attacker-controlled activity, so affected installs should be treated as potentially compromised.

Read the full article on the original website

External link to sonatype.com

cybersecurity

Upcoming Speaking Engagements

1 min read •

cybersecurity

FBI disrupts massive AI-powered phishing service using a million URLs

1 min read •

cybersecurity

When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams

1 min read •

Related Articles

Upcoming Speaking Engagements

FBI disrupts massive AI-powered phishing service using a million URLs

When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams