The North Korea-linked group "Slow Pisces" has been targeting developers with job offers via LinkedIn that lead to poisoned coding challenges, according to researchers with @PaloAltoNtwks @Unit42_Intel. #cybersecurity #infosec #ITsecurity https://t.co/7H0n8fFYq0
Threat actors misuse Node.js to deliver malware and other malicious payloads: https://t.co/me56TkG3NM by Microsoft Security Blog #infosec #cybersecurity #technology #news
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers https://t.co/EZ9RteJXNq
A North Korea-linked hacking group known as Slow Pisces has been targeting software developers, particularly those in the cryptocurrency sector, through LinkedIn by posing as recruiters offering job opportunities. These attacks involve poisoned coding challenges that deploy RN Stealer, a macOS information-stealing malware designed to extract data such as iCloud credentials, SSH keys, and cloud configuration files. Slow Pisces is also associated with the February 2025 Bybit hack. Separately, crypto developers and traders have been victimized by a fake Python package named ccxt-mexc-futures, which has been downloaded over 1,065 times. This malicious package hijacks MEXC trades by rerouting orders and stealing tokens. The prevalence of fake AI-generated packages is increasing, with approximately one in five being fraudulent, and slopsquatting attacks are on the rise. Furthermore, threat actors are misusing Node.js to deliver malware and other malicious payloads, part of a broader trend of sophisticated attacks that reach developers through popular platforms and programming environments. These findings were reported by cybersecurity researchers from Palo Alto Networks Unit 42 and the Microsoft Security Blog.