Find notable cyber news and cases, enriched with sources, timelines, and signals.

Shifty Corsair evolves open-source supply-chain tradecraft with fake firms, layered packages, and AI-assisted deception

Threat Actor Meta
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

Shifty Corsair has expanded its operating model into a more convincing developer-lure ecosystem, increasing the risk of open-source supply-chain compromise against Web3 targets. The group now combines fake companies, fake job interviews, layered package delivery, and AI-generated code to make malicious projects look legitimate. Its reach spans npm, PyPI, and GitHub-hosted artifacts, showing a broader and more adaptive delivery network. That shift matters because it improves deception, evasion, and scale across multiple package ecosystems.

Related Happenings

OpenAI and Trail of Bits launch Patch the Planet open-source security program

Commercial Activity
H score1 First: 23.06.2026 06:56 Last: 23.06.2026 06:56 Sources 1

About this happening: OpenAI launched **Patch the Planet** with **Trail of Bits** to help secure **open-source projects**, expanding a cybersecurity-focused partnership program for maintainers and defe...

North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale

Threat Actor Meta
H score31 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score37 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

Miasma software supply chain campaign expands to new PyPI wave

Campaign
H score29 First: 09.06.2026 19:34 Last: 09.06.2026 19:34 Sources 1

About this happening: The **Miasma** supply-chain campaign has expanded into a new **PyPI** wave, increasing the risk that developers and downstream users will ingest **information-stealing malware** t...

Miasma self-replicating supply chain attack campaign targeting open-source repositories

Campaign
H score83 First: 06.06.2026 09:58 Last: 06.06.2026 09:58 Sources 1

About this happening: The **Miasma** self-replicating supply-chain campaign has reached **73 Microsoft repositories** across **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs** on **GitH...

Timeline

  1. 29.04.2026 17:43 2 articles · 2mo ago

    PromptMink and related supply-chain tradecraft are publicly disclosed

    Initial Disclosure

    A North Korean supply-chain malware campaign linked to Famous Chollima, also known as Shifty Corsair, combines AI-assisted package creation, layered npm dependencies, and typosquatting to hide malicious code in packages such as @validate-sdk/v2 and @hash-validator/v2, steal crypto wallet credentials and funds, and extend delivery into PyPI and GitHub-hosted artifacts for Web3 developer targets.

    Show sources