North Korean attackers pose as recruiters for financial firms to lure developers into executing trojanized Python projects on their machines as part of fake job interviews.

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.

Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.

Your organization runs on commercial software far more than it does open source.

To detect all kinds of software supply chain attacks, software-producing and consuming organizations need to have access to a collection of mature malware intelligence, in addition to complex binary analysis and reproducible builds.