PolinRider: 108 packages from North Korea + $1M ransom
Infosec · 2026-07-05
Threats & Malware
North Korean PolinRider campaign floods open-source registries with 108 malicious packages3 MIN
The Contagious Interview-linked group has uploaded 108 malicious npm, Composer, Go modules and a Chrome extension, compromising nearly 2,000 GitHub repos. By hijacking maintainer accounts they inject obfuscated JavaScript that alters build configs and launches arbitrary code, keeping the PolinRider supply‑chain attack active.
Breaches & Industry News
U.S. Agency Pays $1 M to Stop Kairos Data‑Only Extortion Threat1 MIN
A U.S. government agency paid Kairos about $1 million to stop the leak of over 2 TB of stolen files, after negotiations saw the demand drop from $3 million. The case study shows the extortion group’s rapid fund‑splitting across crypto exchanges, highlighting the rising threat of data‑only ransom attacks on high‑profile targets.
Get Infosec in your inbox, every issue.
Subscribe free
Subscribe free