Securonix has discovered a new ongoing social engineering attack campaign that targets software developers with bogus npm packages on the pretext of fake job interviews.
Microsoft's database continues to attract cybercriminal attention; the nature of this wave's threat group is unknown, with the attacks having been exposed only after a happenstance OpSec lag.