logo

Active Malware Campaigns in January-May 2026

ID: 52a7a10c-5a7f-56af-a9dd-f51083cd3023

STIX ID: report--52a7a10c-5a7f-56af-a9dd-f51083cd3023

Feed Name: OpenSourceMalware Blog

Threat Score
90/100

Date Published: 2026-06-08

Date Updated: 2026-06-20

Author: cb482791-4ef1-4762-96ad-b0ca4bdd538e

...
...

### Executive Summary: This report documents multiple active 2026 software supply-chain campaigns—notably DPRK-linked Lazarus Group operations (Contagious Interview, TasksJacker/PolinRider) and financially motivated TeamPCP (CanisterWorm, Mini Shai-Hulud)—that used malicious .vscode/tasks.json files, lifecycle hooks, self‑propagating worms, and credential‑stealing payloads to compromise developers, CI runners, package registries (npm, PyPI), and container images, resulting in widespread token and secret exfiltration and large-scale package poisoning.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.