developer security Archives • Daily CyberSecurity

North Korea-Aligned Void Dokkaebi Evolves with Binary Obfuscation Void Dokkaebi Cython malware

North Korea-Aligned Void Dokkaebi Evolves with Binary Obfuscation

Do Son May 28, 2026

North Korea-aligned threat actors are updating their malicious toolsets to target software developers globally. Specifically, TrendAI Research...

Global Malicious AI Installer Campaign Targets Developer Workstations Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Global Malicious AI Installer Campaign Targets Developer Workstations

Do Son May 27, 2026

Cybercriminals are currently targeting software engineers with advanced social engineering tactics. Specifically, threat actors launched a highly...

Minirat’s Stealth Supply Chain Attack Targets macOS Developers Minirat macOS Malware Go-based RAT

Minirat’s Stealth Supply Chain Attack Targets macOS Developers

Do Son May 1, 2026

Security researchers at Iru have detailed a sophisticated new threat targeting macOS users through the software supply...

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm npm Supply Chain Attack DPRK Malware Factory

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Do Son April 29, 2026

Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware...

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens AI Tool Targeting Contagious Interview

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens

Do Son April 10, 2026

In a calculated move that signals a new frontier in cyber espionage, North Korean threat actors have...

Alert: Social Engineering Campaign Targets Open Source Developers via Slack Social Engineering Developer Security

Alert: Social Engineering Campaign Targets Open Source Developers via Slack

Do Son April 8, 2026

A sophisticated, high-severity social engineering campaign is currently targeting the open source developer community. The attack, which...

The CLAW Trap: How a Sophisticated Phishing Syndicate is Hunting Developers on GitHub OpenClaw crypto scam

The CLAW Trap: How a Sophisticated Phishing Syndicate is Hunting Developers on GitHub

Do Son March 23, 2026

The cybersecurity firm OX Security recently promulgated a report exposing an insidious cryptocurrency artifice targeting the OpenClaw...

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE CursorJack Cursor Vulnerability

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE

Do Son March 20, 2026

Security researchers at Proofpoint Threat Research have detailed a novel exploitation method dubbed CursorJack, which targets the...

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines TinaCMS Vulnerability CVE-2026-28792

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

Do Son March 16, 2026

Security researchers have exposed a devastating vulnerability in TinaCMS, a popular headless content management system used by...

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers Contagious Interview Invisible Ferret

The Fake Job Trap: Microsoft Exposes the ‘Contagious Interview’ Campaign Targeting Developers

Do Son March 12, 2026

A recent report from Microsoft Defender Experts sheds light on the “Contagious Interview” campaign, a sophisticated social...

The Interview Trap: Malicious Next.js Repositories Weaponize Coding Tests to Hack Developers Developer Targeting Campaign Next.js Malware Lures

Developer Targeting Campaign Next.js Malware Lures

The Interview Trap: Malicious Next.js Repositories Weaponize Coding Tests to Hack Developers

Do Son February 27, 2026

The job hunt just got a lot more dangerous for software engineers. Microsoft Defender Experts identified a...

CVE-2025-65717: Critical Vulnerability in VS Code’s Live Server Extension Puts 72 Million Developers at Risk, No Patch

Do Son February 20, 2026

A wildly popular tool designed to make web development easier is currently harboring a massive security blind...

Fake AI Assistant: Malicious “ClawdBot” Extension Hides Trojan in VS Code ClawdBot Malware VS Code Trojan

Fake AI Assistant: Malicious “ClawdBot” Extension Hides Trojan in VS Code

Do Son January 29, 2026

The viral popularity of AI coding assistants has attracted a new kind of predator. On January 27,...

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys

Do Son January 27, 2026

It looked like just another UI library. “ansi-universal-ui” promised to be a “lightweight, modular UI component system...

Code by AI: KONNI APT Targets Crypto Devs with “Polished” Backdoor NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Code by AI: KONNI APT Targets Crypto Devs with “Polished” Backdoor

Do Son January 26, 2026

The KONNI APT group, a threat actor historically aligned with North Korean interests, has launched a sophisticated...

Trust Hijacked: Hackers Seize Expired Domains to Poison Linux Snap Apps Snap Store Malware Domain Hijacking

Trust Hijacked: Hackers Seize Expired Domains to Poison Linux Snap Apps

Do Son January 22, 2026

A disturbing new tactic has emerged in the Linux software ecosystem, turning trusted developer accounts into vehicles...

Supply Chain Alert: Critical Code Injection Flaw (CVSS 9.3) in Orval CVE-2026-25141 Orval Vulnerability CVE-2026-23947

Supply Chain Alert: Critical Code Injection Flaw (CVSS 9.3) in Orval

Do Son January 22, 2026

Developers relying on orval to generate type-safe clients from OpenAPI specifications are being urged to update immediately...

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code

Do Son January 21, 2026

The “Contagious Interview” campaign, a sophisticated cyber-espionage operation attributed to North Korean (DPRK) threat actors, has evolved...

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions KTLVdoor backdoor - CoffeeLoader Malware

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions

Do Son January 21, 2026

The tools that software developers trust most are being turned against them in a sophisticated new malware...

CVE-2026-22718: EOL Spring CLI Tool for VS Code Found Vulnerable to Command Injection CVE-2024-22243 Spring CLI Vulnerability CVE-2026-22718

CVE-2026-22718: EOL Spring CLI Tool for VS Code Found Vulnerable to Command Injection

Do Son January 13, 2026

Developers using the Spring CLI extension for Visual Studio Code are being urged to clean up their...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

developer security

North Korea-Aligned Void Dokkaebi Evolves with Binary Obfuscation

Global Malicious AI Installer Campaign Targets Developer Workstations

Minirat’s Stealth Supply Chain Attack Targets macOS Developers

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens

The CLAW Trap: How a Sophisticated Phishing Syndicate is Hunting Developers on GitHub

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE

Critical 9.7 CVSS TinaCMS Flaw Exposes Local Developer Machines

CVE-2025-65717: Critical Vulnerability in VS Code’s Live Server Extension Puts 72 Million Developers at Risk, No Patch

Fake AI Assistant: Malicious “ClawdBot” Extension Hides Trojan in VS Code

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys

Trust Hijacked: Hackers Seize Expired Domains to Poison Linux Snap Apps

Supply Chain Alert: Critical Code Injection Flaw (CVSS 9.3) in Orval

“Contagious” Code: North Korean Hackers Infiltrate Developer Workflows via Visual Studio Code

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions

CVE-2026-22718: EOL Spring CLI Tool for VS Code Found Vulnerable to Command Injection