Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.
CNX Software

Mimiclaw is an OpenClaw-like AI assistant for ESP32-S3 boards

MimiClaw is an OpenClaw-inspired AI assistant designed for ESP32-S3 boards, which acts as a gateway between the Telegram messaging application and Claude ...
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.
SecurityWeek

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices

ZeroDayRAT mobile spyware provides full remote access to Android and iOS with live camera feeds, key logging, bank and crypto ...
Cryptopolitan

ClawHub hosts supply chain attacks through AI agent skills

ClawHub contains malicious skills and prompts, noted SlowMist in its latest preview of the marketplace. AI bot skills may contain stealers or malicious installations.
GitHub

Polygon.io Data Downloader for Backtesting

A user-friendly Python GUI application to download historical stock and cryptocurrency data from Polygon.io. The script is designed to fetch intraday data for a specified ticker, date range, and ...
GitHub

fox-techniques/hestia-logger

A high-performance, structured logging system for Python applications. Supports async logging, Elastic Stack integration, structured JSON logs, and colorized console output.