North Korean PolinRider campaign floods npm, Packagist, Go and Chrome Web Store with malicious code
North Korean state-linked hackers running the PolinRider campaign have pushed 108 malicious packages and browser extensions to npm, Packagist, Go and Chrome, highlighting the growing supply-chain risk in open ecosystems. Developers and admins are urged to harden maintainer accounts, audit dependencies and restrict unvetted extensions.