Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
Description: The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,
Source: TheHackerNews
April 15th, 2025 (about 2 hours ago)
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
Description: North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. The post Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware appeared first on Unit 42.
Source: Palo Alto Unit42
April 14th, 2025 (1 day ago)
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
Description: The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation
Source: TheHackerNews
April 5th, 2025 (10 days ago)
Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware
Description: The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by
Source: TheHackerNews
April 3rd, 2025 (12 days ago)
DPRK 'IT Workers' Pivot to Europe for Employment Scams
Description: By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers.
Source: Dark Reading
April 2nd, 2025 (13 days ago)
North Korean IT worker scam spreading to Europe after US law enforcement crackdown
Description: North Korea’s IT worker scam has expanded widely into Europe after years of focusing on U.S. companies, according to new research.
Source: The Record
April 2nd, 2025 (13 days ago)
North Korea’s fake tech workers now targeting European employers
Source: TheRegister
April 2nd, 2025 (13 days ago)
North Korean IT worker army expands operations in Europe
Description: ​North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. [...]
Source: BleepingComputer
April 1st, 2025 (14 days ago)
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks
Description: A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.
Source: Dark Reading
April 1st, 2025 (14 days ago)
North Korean hackers adopt ClickFix attacks to target crypto firms
Description: The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). [...]
Source: BleepingComputer
March 31st, 2025 (15 days ago)