The Visible Hand: How AI is Already Breaking the Security Model

Central banks are panicking over unreleased AI models while hackers are already using them to backdoor Hugging Face and close $100k crypto heists. The weaponized AI era is officially here.

The Attack Isn't Coming From a Stranger. It's Coming From Your GitHub Notifications.

Four active campaigns documented today share one design principle: the attack arrives from something the target already trusts. APT37 builds friendships on Facebook first. Attackers abuse GitHub and Jira notifications to deliver phishing links that pass SPF, DKIM, and DMARC. A fake rocket alert app spies on people in a conflict zone. AI-generated articles seed Google Discover with scareware.

North Korea Backdoored Axios for Three Hours. That Was Enough.

DPRK hackers hijacked the Axios npm package, deploying a self-erasing backdoor across 100 million weekly downloads. Three hours was all they needed.

The Progress We Thought We Were Making Against Hackers? It Just Went Backward.

Dwell time reversed in 2025, and the reason why tells you exactly which threats most security programs are not built to catch.

Inside the North Korean IT Worker Playbook: IBM and Flare's New Research Shows Exactly How They Get In

IBM and Flare published the most detailed technical breakdown yet of how North Korean IT workers infiltrate US companies, including specific detection controls security and HR teams can actually use.

How a Virginia Security Firm Set a Trap and Caught a North Korean Spy Applying for a Remote Job

Nisos set up a fake hiring scenario, handed a suspected DPRK worker a monitored laptop, and caught them. The most unsettling part: the companies already infiltrated had no idea until Nisos called.

The Insider Front Door: How Legitimate Access Keeps Becoming Extortion

A data analyst extorted his employer for $2.5M using access his job gave him. Three Americans helped North Korean operatives infiltrate US companies as fake IT workers. Different crimes, same root problem.

North Korea Behind Polyfill.io? Supply Chain Poisoning Just Got a State Sponsor

Forensic research links the Polyfill.io supply chain attack to a North Korean operative. The same week, a CVSS 9.8 RCE hits the simple-git npm library. Your dependency graph is your attack surface.

APT28's Covenant Trick and North Korea's AirDrop Hack: How Nation-States Borrow Their Tools

Russia's APT28 hijacked an open-source red-team tool to hit Ukraine. North Korea's UNC4899 used Apple AirDrop to break into a crypto firm. Both attacks exploit the trust we put in legit software.