The NCSC and South Korea’s NIS issued a joint warning against the Lazarus hacking group leveraging a zero-day flaw in the MagicLine4NX software. The zero-day exploit allowed Lazarus to conduct a series of supply-chain attacks, starting with a watering hole attack on a media outlet’s website. Organizations using a vulnerable version of MagicLine4NX must update the software to the latest version to stay safe.