Lucene search
K

14 matches found

Trend Micro Simply Security
Trend Micro Simply Security
added 2026/04/21 12:0 a.m.32 views

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

Our research on Void Dokkaebi’s operations uncovered a campaign that turns infected developer repositories into malware delivery channels. By spreading through trusted workflows, organizational codebases, and open-source projects, the threat can scale from a single compromise to a broader supply...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/11 9:0 p.m.18 views

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity associated with this campaign in recent customer environments, targeting software developers at...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 5:17 p.m.9 views

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence AI, cryptocurrency, financial services, IT services, marketing, and software...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/09 6:25 p.m.15 views

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components RSC to deliver a previously undocumented remote access trojan dubbed EtherRAT. "EtherRAT leverages Ethereum smart contracts for...

10CVSS7.9AI score0.99562EPSS
Exploits374
Snyk
Snyk
added 2025/11/30 1:14 p.m.3 views

Malicious Package

Overview tailwind-grid-tools is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.6 views

Malicious Package

Overview logify-pino is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.3 views

Malicious Package

Overview json-oauth is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.6 views

Malicious Package

Overview jstoauto is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.5 views

Malicious Package

Overview js-coauth is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

9.8CVSS7.2AI score
Exploits0References3
Snyk
Snyk
added 2025/11/30 1:14 p.m.7 views

Malicious Package

Overview react-flex-tools is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

9.8CVSS7.2AI score
Exploits0References3
The Hacker News
The Hacker News
added 2025/02/04 12:11 p.m.18 views

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/27 5:12 a.m.41 views

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEVPOPPER, linking it to North Korean threat...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/12/13 12:29 p.m.23 views

A week in security (Dec 6 – 12)

Last week on Malwarebytes Labs: Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend Click “OK” to defeat MFA Fake job interviews plague major game developers like Riot Games and Rockstar Has your WordPress site been backdoored by a skimmer? What is a search engine and why does...

0.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2019/06/10 11:18 a.m.77 views

Employment Scam

Interesting story of an old-school remote-deposit capture fraud scam, wrapped up in a fake employment scam. Slashdot thread...

1.5AI score
Exploits0
Rows per page
Query Builder