Cybersecurity researchers have discovered a fresh set of
malicious packages across npm and the Python Package Index (PyPI)
repository linked to a fake recruitment-themed campaign
orchestrated by the North Korea-linked Lazarus Group. The
coordinated campaign has been codenamed graphalgo in reference to
the first package published in the npm registry. It's assessed to
be active since May 2025. "
Read more https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html
