top of page
ALL POSTS
2026: The Emergence of AI-Assisted Cyber Threats
Key Findings AI-assisted coding tools crossed a critical threshold in 2025, enabling nontechnical individuals to conduct sophisticated cyberattacks previously requiring specialized expertise Malicious packages in public repositories increased 75%, cloud intrusions rose 35%, and time-to-exploit dropped from 700+ days to 44 days Multiple teenagers and lone actors successfully executed attacks using ChatGPT and Claude that would have required organized teams in the pre-AI era Ex
May 53 min read
North Korean-Linked Hackers Distribute 1,700 Malicious Packages Across Multiple Package Repositories
North Korean-linked threat actor "Contagious Interview" has distributed over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist ecosystems since January 2025 Malicious code is hidden within legitimate-looking functions and only executes at runtime, not during installation, making detection harder Packages function as malware loaders delivering second-stage payloads with infostealer, RAT, and post-compromise capabilities including keylogging and remote access C
Apr 82 min read
36 Malicious npm Packages Deploy Redis and PostgreSQL Persistent Implants
Key Findings 36 malicious npm packages masquerading as Strapi CMS plugins uploaded by four sock puppet accounts over 13 hours Eight distinct payload variants reveal real-time attack development against a specific target Exploitation chain includes Redis RCE, PostgreSQL database theft, Docker container escape, and persistent C2 implants Packages target cryptocurrency platform infrastructure with hardcoded database credentials and wallet-specific data harvesting Postinstall scr
Apr 54 min read
North Korean Hackers Release Updated OtterCookie Malware via Malicious npm Packages
Key Findings North Korean threat actors behind the Contagious Interview campaign have flooded the npm registry with 197 more malicious packages since last month These packages have been downloaded over 31,000 times and are designed to deliver a variant of OtterCookie malware The malware attempts to evade sandboxes and virtual machines, profiles the machine, and establishes a command-and-control (C2) channel to provide the attackers with remote shell access and capabilities to
Nov 29, 20252 min read
bottom of page
