PolinRider GitHub supply-chain campaign delivering BeaverTail and InvisibleFerret

Campaign
First reported
Last updated
Happening score
H score 9
1 unique source, 1 article

Summary

A North Korean supply-chain campaign dubbed PolinRider is injecting obfuscated JavaScript into compromised GitHub repositories, exposing developers to staged malware delivery at scale. The operation has reached nearly 2,000 repositories, turning trusted configuration files into a malware distribution path. The chain delivers BeaverTail and then the InvisibleFerret backdoor, increasing the risk of credential theft and persistent access.

Related Happenings

North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale

Threat Actor Meta
H score 31 · First: 15.06.2026 22:32 · Last: 15.06.2026 22:32 · Sources: 1

About this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score 37 · First: 15.06.2026 22:32 · Last: 15.06.2026 22:32 · Sources: 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

Miasma supply-chain malware activity

Malware Activity
H score 34 · First: 10.06.2026 23:27 · Last: 10.06.2026 23:27 · Sources: 1

About this happening: The **Miasma** malware activity is enabling **supply-chain compromise** by stealing **build environment** and **cloud credentials**, then using them to poison legitimate packages...

IronWorm npm supply-chain infection and self-propagation

Malware Activity
H score 15 · First: 04.06.2026 18:25 · Last: 04.06.2026 18:25 · Sources: 1

About this happening: **IronWorm** is a **Rust** infostealer in an **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...

Miasma GitHub and npm supply-chain campaign

Campaign
H score 26 · First: 02.06.2026 00:38 · Last: 02.06.2026 00:38 · Sources: 1

About this happening: The **Miasma** supply-chain campaign has expanded into a new **PyPI** branch called **Hades**, with **37 malicious wheel artifacts** across **19 packages**. The compromised releas...

Latest development: 05.06.2026 21:05

A new Miasma wave is linked to 57 compromised npm packages across more than 286 malicious versions, with malicious installs abusing a 157-byte binding.gyp file for code execution during npm install and then staging additional payloads that inject persistent backdoor files into project repositories and target AI-assisted IDE workflows.

Timeline

  1. 23.06.2026 11:54 · 2 articles · 3h ago

    PolinRider compromises nearly 2,000 GitHub repositories

    Campaign Scope Update

    PolinRider is a North Korean supply-chain campaign that injects obfuscated JavaScript into legitimate developers' configuration files across nearly 2,000 compromised GitHub repositories, delivering BeaverTail and then the InvisibleFerret backdoor.
