{
  "title": "buffer-utilities: Lazarus Group npm Brandjacking Dropper",
  "summary": "Sonatype and JFrog describe buffer-utilities as a malicious npm brandjacking package in a Lazarus Group campaign; the package acts as a dropper that fetches and launches remote payloads.",
  "date": "2026-06-18",
  "severity": "high",
  "tags": [
    "npm",
    "node",
    "supply-chain",
    "brandjacking",
    "lazarus-group"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "sonatype-2026-003558-buffer-utilities",
    "since": "2026-06-18T00:00:00Z",
    "until": "2026-06-18T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "setup.cjs"
    ],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}