"From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet" published by Microsoft. #Mastra, #NPM, #SapphireSleet, #DPRK, #CTI https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/

"Mastra npm Scope Takeover: 143 Packages Drop a RAT" published by SafeDep. #Mastra, #NPM, #DPRK, #CTI https://safedep.io/mastra-npm-scope-takeover-supply-chain-attack/

"정상 이력서처럼 보이지만 실행 순간 감염 시작" published by Ahnlab. #LNK, #Xctdoor, #DPRK, #CTI https://asec.ahnlab.com/ko/94163/

"개인정보 동의서인 줄 알았던 바로가기 파일의 정체는?" published by Ahnlab. #Kimsuky, #LNK, #DPRK, #CTI https://asec.ahnlab.com/ko/94162/

"Chai.js 플러그인으로 위장한 북한발 npm 악성 패키지 'chai-as-init' 분석" published by ESTSecurity. #ContagiousInterview, #NPM, #DPRK, #CTI https://blog.alyac.co.kr/5766

"Humanity Protocol" published by Rekt. #HumanityProto, #DPRK, #CTI https://rekt.news/humanity-protocol-rekt

"$H Incident Summary" published by Humanity. #HumanityProto, #DPRK, #CTI https://www.humanity.org/hincidentupdate

"Exposing DPRK Employment Fraud Operations" published by NISOS. #ITWorker, #PiKVM, #DPRK, #CTI https://nisos.com/research/dprk-employment-fraud-operation/

"$H Incident: Tooling Linked to North Korean Actors" published by Humanity. #HumanityProto, #DPRK, #CTI https://x.com/Humanityprot/status/2065480523057647652

"Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2" published by Genians. #APT37, #LNK, #NarwhalRAT, #DPRK, #CTI https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat

"MS 사칭 피싱과 Dead-drop C2 기반 APT37 NarwhalRAT 분석" published by Genians. #APT37, #LNK, #NarwhalRAT, #DPRK, #CTI https://www.genians.co.kr/blog/threat_intelligence/narwhalrat

"The North Korean IT worker threat: A modern insider risk" published by Corelight. #Deepfake, #ITWorker, #DPRK, #CTI https://corelight.com/blog/north-korean-it-worker-insider-threat

"astro.config.mjs Supply Chain Attack via Blockchain C2" published by SafeDep. #PolinRider, #DPRK, #CTI https://safedep.io/astro-config-blockchain-c2-supply-chain

"Hunting North Korea's job adverts on Google Docs" published by Kmsec. #FamousChollima, #DPRK, #CTI https://kmsec.uk/blog/dprk-google-docs/

"CrowdStrike 2026 Report: China Fuels Attacks on Tech" published by CrowdStrike. #FamousChollima, #LabyrinthChollima, #StardustChollima, #Trend, #DPRK, #CTI https://www.crowdstrike.com/en-us/blog/crowdstrike-2026-technology-threat-landscape-report/

"Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency" published by Proofpoint. #ContagiousInterview, #UNK_DeadDrop, #DPRK, #CTI https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal

"Lazarus Group's Latest: Brandjacking Campaign on npm" published by Sonatype. #NPM, #Lazarus, #DPRK, #CTI https://www.sonatype.com/blog/lazarus-groups-latest-brandjacking-campaign-on-npm

"Lazarus Group: The Hackers With a National Budget" published by PureFi. #Lazarus, #DPRK, #CTI https://medium.com/purefi/lazarus-group-the-hackers-with-a-national-budget-41f1878fc131

"APT-C-26（Lazarus）组织利用CVE-2025-55182与Copperhedge组件的攻击行动分析" published by Qihoo360. #APT-C-26, #CVE-2025-55182, #Copperhedge, #DPRK, #CTI https://mp.weixin.qq.com/s/3kwDMAXviaE1TUDnkYlqrg

"새벽에 온 암호화 손님 Endpoint(Midnight) 랜섬웨어 분석" published by Ahnlab. #Endpoint, #Midnight, #Ransomware, #Suspicious, #DPRK, #CTI https://asec.ahnlab.com/ko/93931/

"Tracking North Korea Nation-State APT Infrastructure: Kimsuky" published by Idanmalihi. #Kimsuky, #DPRK, #CTI https://idanmalihi.com/tracking-north-korea-nation-state-apt-infrastructure-kimsuky/

"Famous Chollima Targets PHP Developers Through Compromised Packagist Package" published by Socket. #ContagiousInterview, #FamousChollima, #DPRK, #CTI https://socket.dev/blog/famous-chollima-targets-php-developers-through-compromised-packagist-package

"Sapphire Sleet Targets macOS in Multi-Stage Intrusion Campaign" published by Levelblue. #SapphireSleet, #macOS, #DPRK, #CTI https://www.levelblue.com/blogs/spiderlabs-blog/sapphire-sleet-targets-macos-in-multi-stage-intrusion-campaign

"Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace" published by SafeDep. #FamousChollima, #HuggingFace, #NPM, #DPRK, #CTI https://safedep.io/microsoftsystem64-binary-payload-analysis/

"ESET APT Activity Report Q4 2025–Q1 2026" published by ESET. #Andariel, #DangerousPassword, #DeceptiveDevelopment, #DreamJob, #Rook, #ScarCruft, #DPRK, #CTI https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q4-2025-q1-2026.pdf

"Threat Actor Targets Crypto Organizations" published by Wiz. #JINX-0164, #Suspicious, #macOS, #DPRK, #CTI https://www.wiz.io/blog/threat-actors-target-crypto-orgs

"Kimsuky의 고도화된 공격 기법 분석: JSONPing, Webex 사칭, 그리고 새로운 HttpSpy 변종" published by ENKI. #HttpSpy, #JSONPing, #Kimsuky, #DPRK, #CTI https://www.enki.co.kr/media-center/blog/kimsuky-s-advanced-attack-techniques-jsonping-webex-spoofing-and-a-new-httpspy-variant

"Kimsuky's Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant" published by ENKI. #HttpSpy, #JSONPing, #Kimsuky, #DPRK, #CTI https://www.enki.co.kr/en/media-center/blog/kimsuky-s-advanced-attack-techniques-jsonping-webex-spoofing-and-a-new-httpspy-variant

"KimjongRAT 변종: 정보 탈취에서 원격 접근 확보로의 확장" published by Hauri. #KimjongRAT, #DPRK, #CTI https://hauri.co.kr/security/security_view.html?intSeq=88&page=1&keyfield=&key=

"More CVEs, Same Playbook: 2026 Vulnerability Exploitation in the Wild" published by Proofpoint. #CVE-2026-21510, #LNK, #Phishing, #TA406, #DPRK, #CTI https://www.proofpoint.com/us/blog/threat-insight/more-cves-same-playbook-2026-vulnerability-exploitation-wild

"‘보안 메일’도 안심 금물! 카드사 사칭 악성 파일 유포 중" published by Ahnlab. #Kimsuky, #LNK, #MeshAgent, #DPRK, #CTI https://asec.ahnlab.com/ko/93854/

"DPRK Captive Portal Infrastructure Found in Testing" published by NKInternet. #OpSec, #DPRK, #CTI https://nkinternet.com/2026/05/26/dprk-captive-portal-infrastructure-found-in-testing/

"I was likely targeted by DPRK in a sophisticated developer malware campaign" published by Denv. #ContagiousInterview, #VSCode, #DPRK, #CTI https://blog.denv.it/posts/i-was-likely-targeted-by-dprk-in-a-sophisticated-developer-malware-campaign/

"2026년 4월 APT 공격 동향 보고서(국내)" published by Ahnlab. #LNK, #Phishing, #DPRK, #CTI https://asec.ahnlab.com/ko/93830/

"A Fake Coding Interview Is an Execution Request: Developer Safety Checklist" published by RedAsgard. #GitHub, #Lazarus, #NPM, #VSCode, #DPRK, #CTI https://redasgard.com/blog/fake-coding-interview-developer-safety-checklist

"RemotePE: The Lazarus RAT that lives in memory" published by Foxit. #Lazarus, #RemotePE, #DPRK, #CTI https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory/

"OFAC Sanctions Tracker: How Sanctions Impact Crypto Crime" published by Chainalysis. #ITWorker, #Sanctions, #DPRK, #CTI https://www.chainalysis.com/blog/ofac-sanctions/

"Hunting Lazarus Part IX: The Google Mirror" published by RedAsgard. #BeaverTail, #OtterCookie, #DPRK, #CTI https://redasgard.com/blog/hunting-lazarus-part9-google-mirror

"Cross-Platform NPM Stealer" published by Dshield. #NPM, #OtterCookie, #DPRK, #CTI https://dshield.org/diary/CrossPlatform+NPM+Stealer/33006/

"Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware" published by TrendMicro. #InvisibleFerret, #VoidDokkaebi, #DPRK, #CTI https://www.trendmicro.com/en_us/research/26/e/analyzing-void-dokkaebi-invisibleferret-malware.html

"Interview with the Chollima VIII" published by Bitso. #ITWorker, #DPRK, #CTI https://quetzal.bitso.com/p/interview-with-the-chollima-viii

"North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT" published by OxSecurity. #NPM, #DPRK, #CTI https://www.ox.security/blog/north-korean-npm-infostealer-rat/

"Cyber Threat Intelligence Report 2026" published by Bridewell. #Trend, #Collaboration, #NPM, #DPRK, #CTI https://www.bridewell.com/insights/white-papers/detail/cyber-threat-intelligence-report-2026

"LayerZero Labs KelpDAO Incident Report" published by LayerZero. #KelpDAO, #TraderTraitor, #DPRK, #CTI https://layerzero.network/publications/kelpdao-incident-report.pdf

"DPRK Activity Evolution Through Campaign Linkage" published by Krypt3ia. #Cryptocurrency, #ITWorker, #SupplyChain, #DPRK, #CTI https://krypt3ia.wordpress.com/2026/05/19/threat-intelligence-report-dprk-activity-evolution-through-campaign-linkage/

"Axios attacker strikes again! Three NPM packages have been hiding in plain sight for two months" published by OSM. #Axios, #NPM, #UNC1069, #DPRK, #CTI https://opensourcemalware.com/blog/axios-attacker-additional-npm-packages

"Deep Dive into Active Github Network Running Contagious Interview" published by meowmfer. #ContagiousInterview, #BeaverTail, #OmniStealer, #DPRK, #CTI https://archive.md/JMkiH

"Hunting Lazarus Part VIII: OtterCookie" published by RedAsgard. #Lazarus, #OtterCookie, #DPRK, #CTI https://redasgard.com/blog/hunting-lazarus-part8-ottercookie

"1분기 DPRK Operation Kimsuky 분석" published by Logpresso. #GitHub, #Kimsuky, #LNK, #DPRK, #CTI https://logpresso.com/ko/blog/2026-05-15-1Q-Kimsuky-report

"How malware abuses npm lifecycle scripts and VS Code tasks" published by OSM. #Axios, #NPM, #TasksJacker, #DPRK, #CTI https://opensourcemalware.com/blog/malware-abuses-vscode-lifecycle-scripts