Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.