This brief covers the trailing ~48 hours (July 4–6, 2026). Every item below was checked against its primary source — vendor advisories, original research posts, and CISA entries — before inclusion.
North Korean “PolinRider” campaign publishes 108 malicious packages and extensions across npm, Packagist, Go, and Chrome
Socket / The Hacker News · July 4, 2026
Threat actors tied to North Korea’s Contagious Interview operation have published 162 malicious release artifacts corresponding to 108 unique packages and extensions — 19 npm libraries, 10 Composer packages, 61 Go modules, and one Google Chrome extension. The campaign, tracked as PolinRider, plants obfuscated JavaScript loaders in legitimate repositories (concealed via whitespace padding or fake .woff2 font files) and triggers execution through VS Code task files with the “runOn: ‘folderOpen'” option; payloads fetch encrypted second stages from blockchain infrastructure that unpack to the DEV#POPPER RAT and OmniStealer. As of April 11, 2026, the broader activity had compromised 1,951 public GitHub repositories belonging to 1,047 unique owners. There is no CVE — this is an account-takeover and supply-chain campaign, and it remains active.
“The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts, modify legitimate repositories, and publish infected package versions where they retain or obtain registry access.” — Karlo Zanki, Socket
Source: Socket research · The Hacker News
JadePuffer: first documented ransomware operation run end-to-end by an AI agent
Sysdig · July 4, 2026
Sysdig researchers documented what they believe is the first ransomware intrusion conducted entirely by an autonomous LLM agent — reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption, with the agent adapting to failures in real time. Initial access came via CVE-2025-3248, a critical unauthenticated remote code execution flaw in the Langflow LLM-app framework that was patched in April 2025 and added to CISA’s KEV catalog in May 2025; the attacker later pivoted to an Alibaba Nacos instance using CVE-2021-29441, an authentication bypass. The operation encrypted 1,342 Nacos service configuration items, dropped the originals, and left a ransom demand with a Bitcoin address and Proton Mail contact — though the encryption key was never stored or transmitted, and the Bitcoin address appears to be a documentation example reproduced from training data.
“The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds.” — Sysdig
Source: Sysdig research · BleepingComputer
U.S. government entity paid Kairos ~$1 million in encryption-free data extortion, blockchain analysis shows
Ransom-ISAC · July 4, 2026
A case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and on-chain tracing, shows a small U.S. government entity — the evidence points to Union County, Ohio, though neither party has confirmed it — paid roughly 9.44 BTC (~$1 million) on June 13, 2025 to keep stolen files from being published. The Kairos group deployed no encryptor at all: it opened at $3 million claiming over 2 TB of stolen data, and used countdown timers and threats to leak a “prosecutors office” folder first. The payment was traced through wallet chains toward deposit addresses at Bybit, OKX, and the Russian service BELQI. The case underscores a broader shift: much of what is still called ransomware now skips encryption entirely and uses stolen data as the sole pressure point.
“Paying to make stolen data disappear is an act of faith, and the receipt is written by the thief.” — The Hacker News
Source: Ransom-ISAC case study · The Hacker News
Opera GX flaw let malicious sites silently install browser mods and steal data from visited pages
The Hacker News · July 6, 2026
Researchers disclosed a vulnerability in Opera GX that allowed a malicious website to silently install a GX Mod — the browser’s reskinning add-on format — and use it to lift data from pages the victim visits; a proof of concept reconstructed a signed-in user’s full Gmail address from a single visit with no clicks. Opera patched the flaw in Opera GX 130.0.5847.89 and says it found no evidence of in-the-wild exploitation. No CVE was assigned, but Opera’s bug bounty team rated the issue P1 (its top severity) and paid the maximum $5,000 reward. Because the attack required no clicks or approvals, there was no workaround short of the patch — users should confirm their version at opera://about.
Source: The Hacker News
SkillCloak: malicious AI agent “skills” evade static scanners more than 90% of the time
The Hacker News · July 6, 2026
Researchers at the Hong Kong University of Science and Technology showed that scanners meant to catch malicious add-on skills for AI coding agents (Claude Code, OpenAI Codex, OpenClaw) can be defeated with simple self-extracting packing techniques that leave the malware fully functional — their strongest variant slipped past every scanner tested more than 90% of the time. Skills run with the agent’s own access to files, terminals, and saved credentials, and most marketplace listings are uploaded by strangers with little vetting. The team also built a runtime checker that catches most of the disguised skills static scanners miss.
Source: The Hacker News
Still developing
“Bad Epoll” Linux kernel flaw (CVE-2026-46242) — The Hacker News · July 3, 2026. A use-after-free race in the kernel’s epoll code lets an unprivileged local user gain root with roughly 99% exploit reliability, affecting desktops, servers, and Android on kernels v6.4 and newer. Researcher Jaeyoung Chung published a working proof of concept; the fix landed upstream (commit a6dc643c6931) in April 2026, but distributions that have not backported it remain exposed, and epoll cannot be disabled as a workaround. Source: The Hacker News · PoC repository
NetNut residential proxy network disrupted — Google Threat Intelligence Group · July 3, 2026. Google, the FBI, Lumen, Shadowserver, and partners disrupted NetNut (aka Popa), a residential proxy network of at least 2 million compromised Android devices including smart TVs and streaming boxes. GTIG observed 316 distinct threat clusters using suspected NetNut exit nodes in a single week, spanning cybercrime and espionage. Source: Google Threat Intelligence · BleepingComputer
SharePoint RCE CVE-2026-45659 on CISA KEV; federal patch deadline passed July 4 — CISA · July 1, 2026. CISA added CVE-2026-45659 (CVSS 8.8), a deserialization-of-untrusted-data remote code execution flaw in SharePoint Server Subscription Edition, 2019, and 2016, to the Known Exploited Vulnerabilities catalog citing active exploitation. Microsoft patched it in May 2026; any authenticated attacker with Site Member permissions can execute code remotely. FCEB agencies were required to remediate by July 4, 2026. Source: CISA alert · The Hacker News
This brief covers the trailing ~48 hours (July 4–6, 2026). Primary sources: Socket, Sysdig, Ransom-ISAC, Google Threat Intelligence Group, CISA, Bad Epoll PoC.