The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and data-stealing malware.

VS Code: Python Environments Extension generally available

The new extension for Visual Studio Code aims to end the previous fragmentation and ensure a uniform workflow with Python environments.

Create inset weeks so families can book cheaper holidays

Create inset weeks so families can book cheaper holidays, schools urged - On the Beach has written to the headteachers of 25,000 schools in England and Wales asking them to implement inset weeks stagg ...

Headteacher created bonus week off for children to go on cheaper holidays

But the idea is at the centre of a new campaign by package holiday provider On the Beach. They are calling for more ...

Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Security Boulevard

Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...

Schools told to create 'inset week' so families get cheap holidays

The move would allow parents to take children out of school for 'term-time holidays' ...