Find notable cyber news and cases, enriched with sources, timelines, and signals.

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
First reported
Last updated
Happening score
H score 39
2 unique sources, 2 articles

Summary

Hide ▲

A JINX-0164 campaign is targeting cryptocurrency firms and developers with LinkedIn recruiter lures, a fake meeting-and-fix workflow, and macOS malware to steal credentials and reach internal development systems. The operator has been active since at least mid-2025 and uses Audiofix to harvest Keychain, browser, SSH, cloud, and wallet-extension data, then abuses GitHub tokens to tamper with CI/CD pipelines. Wiz also says the activity trojanized @velora-dex/sdk version 4.9.1 to deliver MINIRAT. Defenders are urged to watch for suspicious VPN use, secret exfiltration from build workflows, and unverified commits.

Related Happenings

GitHub API enumeration campaign targeting corporate organizations

Campaign
H score17 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...

North Korean Contagious Interview PolinRider supply-chain campaign

Campaign
H score51 First: 04.07.2026 14:17 Last: 04.07.2026 14:17 Sources 1

About this happening: The **Contagious Interview / PolinRider** campaign is still active, with **108 unique packages and browser extensions** published across **npm, Packagist, Go, and Google Chrome**....

Operation Navy Ghost PyPI supply-chain campaign

Campaign
H score26 First: 01.07.2026 00:02 Last: 01.07.2026 00:02 Sources 1

About this happening: The **Operation Navy Ghost** campaign has targeted **Python developers** building **Telegram bots** through trojanized **Pyrogram forks**, creating a supply-chain path to compromi...

Y2K Operators Millenium RAT social-engineering distribution campaign

Campaign
H score73 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Y2K Operators** are running a **social-engineering distribution campaign** that spreads **Millenium RAT** through **booby-trapped downloads**, exposing users to remote compr...

Codfish/semantic-release-action hit by network compromise

Incident
H score21 First: 26.06.2026 14:05 Last: 26.06.2026 14:05 Sources 1

About this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...

Timeline

  1. 28.05.2026 10:54 3 articles · 1mo ago

    JINX-0164 targets cryptocurrency organizations with recruiter lures and macOS malware

    Initial Disclosure

    A previously undocumented threat actor tracked as JINX-0164 is targeting cryptocurrency organizations and developers with recruitment-themed social engineering, rogue meeting lures, and bespoke macOS malware to facilitate digital asset theft. The activity is assessed as active since at least mid-2025, includes credential theft and lateral movement into CI/CD and development infrastructure, and in at least one case is said to involve a supply chain attack.

    Show sources