Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.
CNX Software

Mimiclaw is an OpenClaw-like AI assistant for ESP32-S3 boards

MimiClaw is an OpenClaw-inspired AI assistant designed for ESP32-S3 boards, which acts as a gateway between the Telegram ...
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
SecurityWeek

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices

ZeroDayRAT mobile spyware provides full remote access to Android and iOS with live camera feeds, key logging, bank and crypto ...

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.
Cryptopolitan on MSN

ClawHub hosts AI agent skills enabling supply chain attacks

ClawHub contains malicious skills and prompts, noted SlowMist in its latest preview of the marketplace. AI bot skills may contain stealers or malicious installations.