New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit (SDK)
ORIGINAL SOURCE →via The Hacker News