• Bogus npm Packages Used to Trick Software Developers into Installing Malware
• Zero-Day from 2017 Used Along With Cobalt Strike Loader in Unholy Alliance
• New Brokewell Malware Takes Over Android Devices, Steals Data
• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries
• Researchers Found 18 Vulnerabilities in Brocade SANnav
• Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks
• ThreatLocker Raises $115M in Series D Funding
• Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs
• Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
• Most people still rely on memory or pen and paper for password management
• LSA Whisperer: Open-source tools for interacting with authentication packages
• Breaking down the numbers: Cybersecurity funding activity recap
• New infosec products of the week: April 26, 2024
• Net neutrality has been restored
• Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware
• Ring Customers Get $5.6 Million in Privacy Breach Settlement
• Vulnerabilities in Microsoft's PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services
• ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
• Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.