North Korean threat actors are using npm (Node Package Manager) ecosystem to publish malicious packages to deliver malware. The campaign aims to infiltrate developer systems, steal sensitive data, and gain long-term access. The malware, called BeaverTail, evades detection systems using hexadecimal string encoding. Some packages are linked to Bitbucket repositories instead of GitHub, with variations in code-levels suggesting multiple malware variants. Security researchers have urged caution when dealing with executable files from unknown sources.
NZ halts data, digital jobs cuts and more briefs
New Zealand’s Te Whatu Ora Health has halted restructuring plans that included axing data and digital jobs, following a legal complaint by the Public Service
