Lazarus Group’s Latest: Brandjacking Campaign on npm
ID: 4d780296-1f3f-5a65-8454-9ecd65cf382c
STIX ID: report--4d780296-1f3f-5a65-8454-9ecd65cf382c
Feed Name: Security Boulevard
Sonatype Security Research reports a Lazarus Group campaign on npm using brandjacking (suffixes, embedding, version mimicry) across dozens of packages to masquerade as legitimate developer libraries; analysis of the buffer-utilities package revealed a dropper that fetches and executes remote payloads. Organizations that installed affected packages are advised to remove them, investigate for second-stage activity, and treat impacted hosts as potentially compromised.
